Possible Rug Pull? CrediX Team Disappears After $4.5M Security Breach

After promising to compensate victims of the recent $4.5 million hack, the decentralized exchange CrediX has suddenly gone dark. The project’s team has deleted its social account on X and disabled its website. This raises questions about the possibility of a potential rug pull.

CrediX Loses $4.5M

CrediX describes itself as a decentralized finance (DeFi) protocol developed on Sonic. The platform focused on decentralized lending services.

Investigation from the blockchain security platform SlowMist showed that CrediX’s security breach began six days before the asset theft actually occurred.

SlowMist explained that the attacker added their wallet address to CrediX’s Multisig Wallet as Admin and Bridge. This allowed them to bridge minted collateral tokens through the system’s liquidity pool. Consequently, the hacker drained users of around $4.5 million worth of assets. The stolen funds were subsequently transported on-chain through various channels, including Tornado Cash.

Another Rug Pull?

After the hack, which occurred on Monday, the CrediX team shared a tweet. This tweet highlighted that the official website will be closed while they work to retrieve the stolen funds. Although this calmed most users at the time, any serenity within the CrediX ecosystem has vanished as the team disappeared.

With its X handle and website shut down, CrediX users, whose funds are stuck, remain uncertain as to whether their assets are retrievable.

Rug pulls, or exit scams, are malicious acts by projects that have garnered the attention of users. After luring investors to deposit their funds in the platform, the owners of the project use a backdoor exit to drain customers’ money. Crypto market experts believe that CrediX’s sudden disappearance suggests that the project executed an exit scam.

Notably, an X user revealed that Sonic Labs, Stability DAO, and other entities affected by the breach are working towards involving cybercriminal authorities to recover the funds. The user, affiliated with Sonic Labs, stated that the identities of two CrediX users are known due to a Know Your Customer (KYC) procedure they undertook.