QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$4 400 000 USD
AUGUST 2025
GLOBAL
CREDIX
DESCRIPTION OF EVENTS
"Credix Finance is a decentralized lending protocol focused on providing unsecured loans to emerging markets, particularly in countries like Brazil, bringing fintech-driven credit solutions. It aims to break down the barriers of traditional financial systems and provide fair credit opportunities to more people."
"CrediX was not a marginal project: it boasted partnerships, significant volumes, and a reputation built on months of activity."
It appears that Credix was intent on stealing user funds from the very beginning.
The smart contract permissions were granted to the exploiter account around a week in advance of the attack.
CertiK reports $4.4m. Losses were widely estimated as $4.5m.
"The speed with which it went from being an active operator to a case of suspected fraud shows that even platforms with a large user base are not immune to sudden collapse. For investors and retail users, the message is clear: diversify, verify independent audits, and limit exposure to untested smart contracts."
"Following the attack, Stability DAO – one of CrediX’s main partners – said it was working to collect digital evidence and coordinate legal action. According to AInvest, two members of the CrediX team have already been identified through mandatory KYC procedures, an element that could facilitate possible legal proceedings. Other projects that had integrated or collaborated with CrediX – including Sonic Labs, Euler, Beets and Trevee – confirmed that they had been indirectly affected and had initiated internal audits to protect their users."
There is no indication of any recovery in this case.
There is ongoing investigation and legal action with former partners of the project.
Credix Finance, a decentralized lending protocol providing unsecured loans in emerging markets like Brazil, was revealed to have been a fraudulent project. Despite its partnerships, strong reputation, and significant transaction volumes, the team may have planned to steal user funds from the start. About a week before the exploit, the attackers granted their account smart contract permissions, leading to losses estimated at around $4.5 million. The collapse was swift, highlighting the risks of unverified smart contracts. Following the incident, partners such as Stability DAO began gathering evidence and pursuing legal action, with some Credix team members identified through KYC records. Other collaborating projects launched internal audits, but no recovery of funds has been reported, and investigations are ongoing.
Credix vanishes after $4.5 million exploit - Web3IsGoingGreat (Oct 23)
CrediX pledges full reimbursement after $4.5 million DeFi exploit - The Block (Oct 23)
CrediX team vanishes after $4.5 million exploit, deletes socials and takes website offline - The Block (Oct 23)
CrediX, $4.5 million exploit: suspected exit-scam and escape of the team after the attack - Decripto (Oct 23)
Crypto_Potato - "CrediX team disappears after $4.5M exploit. The DeFi lender's X account is inactive and its website offline since Aug. 4. @CertiKAlert flags it as a likely exit scam. Team had promised reimbursements post-exploitnone materialized." - Twitter/X (Oct 23)
CertiKAlert - "Following the incident that resulted in a $4.4M loss, the @CrediX_fi team has disappeared. X account is inactive, and the website hasnt been brought back online since August 4." - Twitter/X (Oct 23)
CertiK: CrediX Has “Disappeared” Following Multi-Million Dollar Hack - Crypto Economy (Oct 23)
RektHQ - "Six days of setup, minutes of execution. A compromised @CrediX_fi admin account minted worthless acUSDC tokens, borrowed $4.5 million against phantom collateral, then shipped everything to Ethereum. Someone with the right access decided payday had arrived. Story below..." - Twitter/X (Oct 23)
CrediX - Rekt (Oct 23)
Role Granting Transaction - SonicScan (Oct 23)
Primary Attack Transaction - SonicScan (Oct 23)
Additional Attack Transaction - SonicScan (Oct 23)
CryptoEconomyEN - "Flash News CrediX hit by $4.5M exploit, taken offline DeFi protocol CrediX has gone offline following a critical exploit affecting funds on the Sonic network." - Twitter/X (Oct 23)
coinpapercom - "NEW: #CrediX recovers $4.5M in stolen funds after major exploit!" - Twitter/X (Oct 23)
De_FiSecurity - "BREAKING ALERT: CREDIX EXPLOITED FOR $4.5M As per reports, the attacker was added as an Admin and Bridge to project's mutlisig; which later allowed the hacker to steal the funds Most of the funds were bridged to Ethereum chain in the end" - Twitter/X (Oct 23)
Resonancesec - "BREAKING: @CrediX_fi, a Solana/Sonic-based lending platform, just lost $4.5M in an exploit. Root cause? Unchecked admin privileges. No withdrawal checks." - Twitter/X (Oct 23)
0x11b6 - "CrediX_fi can greatly improve their IR public communications. Tweet thread with updates instead of individual tweets Users can more easily follow a tweet thread to get the entire context and updates made to a security incident. Individual tweets can get lost and context missing." - Twitter/X (Oct 23)
sxzeroo - "IMPORTANT: For all those affected by the $SOL DeFi hack. @solana lender promises to pay full $4.5M compensation to victims. Quick recap: On Monday, decentralized lending protocol @CrediX_fi suffered a $4.5M attack after a hacker took over one of its admin wallets. The hacker withdrew all funds to 3 Ethereum wallets while they are still there. The incident is the latest in a series of access and security issues plaguing DeFi in 2025..." - Twitter/X (Oct 23)
Weilin (William) Li - "The @CrediX_fi attack appears to be a private key compromise. The compromised address was granted role to mint unbacked Credix_USDC from air 6 days ago. The hacker was able to borrow and drain the market against this collateral." - Twitter/X (Oct 23)
BlockscopeCo - "In the early hours of today, @CrediX_fi was exploited on Sonic for ~$4.56M today. Setup: a compromised admin account (0xF321662e) with BRIDGE/other roles was used. Six days earlier, the multisig added the attacker via ACLManager." - Twitter/X (Oct 23)
Former Credix Homepage (Oct 23)
Former Credix Twitter/X Account (Oct 23)
Reimagining Private Credit: How Credix Finance is Transforming Access to Capital in Emerging Markets - LinkedIn (Oct 23)
