The team behind the decentralized finance (DeFi) protocol CrediX Finance has disappeared just days after a $4.5 million exploit compromised the platform.
Blockchain security firm CertiK stated that the DeFi protocol’s official X handle and website have been offline since August 4, with suspicions of an exit scam gathering steam.
CrediX Finance Team Disappears After $4.5M Exploit
The CrediX Finance team has vanished following a $4.5 million exploit, prompting suspicions of an exit scam. Blockchain security firms flagged the exploit on Monday, confirming that crypto assets worth $4.5 million were drained from the platform. In response, CrediX Finance paused all operations to prevent users from depositing more funds. Blockchain security firm SlowMist gave a detailed breakdown of the exploit, stating that hackers had gained access to the protocol’s multisig admin and bridge wallets. The attackers exploited the access to mint crypto as collateral to drain the DeFi protocol’s liquidity pools.
CrediX Finance’s official X account went offline on Friday, and its website has been offline since the day of the exploit. The protocol’s official Telegram channel has also disappeared, with no announcements or official communication from the team. CertiK stated on X,
“Following the incident that resulted in a $4.4M loss, the CrediX Finance team has disappeared. X account is inactive, and the website hasn’t been brought back online since August 4.”
CrediX Finance Had Promised Reimbursements
CrediX Finance had claimed in a now inaccessible post that it had convinced the attackers to return the funds in return for the money paid by the protocol’s treasury. It had also said it would reimburse users for the funds lost during the attack.
“Reached successful parley with the exploiter who agreed to return the funds within the next 24-48 hours in return for money fully paid by the CrediX treasury.”
However, the DeFi protocol has since gone dark, deleting all official communications and all its official platforms. Security expert Harry Donnelly criticized CrediX Finance’s post-hack negotiation strategies, calling them a red flag for exit scams.
Legal Effort Underway
Impacted users and protocols are turning to legal avenues to recover the stolen funds. According to a Stability DAO Discord post, impacted entities, including Euler, Sonic Labs, Beets, and Trevee, are working with legal and cybercrime authorities to trace the stolen funds. Stability DAO stated that it had gathered evidence, traced the stolen funds, and accessed the KYC information of two CrediX Finance team members. Stability plans to submit the information as part of the legal filing against CrediX Finance.
“Our teams are collaborating to gather all evidence, trace the funds, and coordinate with relevant legal and cybercrime units.”
Stability DAO added that it will share a full report detailing what happened and the steps being taken with the community. Meanwhile, Trevee revealed the hack had indirectly impacted it through a $1.6 million scUSD loan to Stability’s metaUSD, which became fully exposed to CrediX following a bank run.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice
