Flash Loan Bandit Strikes Again: CrediX Loses $200K in $2.64M Sonic Chain Exploit
Another day, another DeFi heist—this time CrediX takes the hit. Hackers pulled off a slick $2.64 million flash loan attack on Sonic chain, pocketing $200K before vanishing into the crypto shadows. Who needs banks when you’ve got unchecked smart contracts and audacity?
How It Went Down
The attacker exploited a loophole in CrediX’s liquidity pool, manipulating prices with a flash loan before draining funds faster than a Wall Street exec cashing out bonuses. The $200K haul? Just another Tuesday in decentralized finance.
Why It Matters
Flash loans—the double-edged sword of DeFi—strike again. No collateral, no problem… unless you’re the protocol left holding the empty bag. Sonic chain joins the growing list of networks learning the hard way: code is law, and hackers are its ruthless judges.
The Aftermath
CrediX’s team is scrambling to patch the漏洞 while Twitter’s crypto armchair experts debate whether this counts as ‘building’ or ‘theft.’ Meanwhile, the hacker’s wallet sits untouched—probably waiting for the next bull run to launder through an NFT. Stay tuned for the post-mortem nobody will read.
CrediX disabled deposits
The Sonic chain remains safe, but CrediX has not yet clarified the exact reason for the exploit. The lending startup announced that its deposits are closed to avoid further attacks.
website has been disabled to prevent users from depositing. Please use contracts to withdraw
— CrediX (@CrediX_fi) August 4, 2025
However, further investigation showed that the flash loan was not available to general users. The exploiter, instead, managed to secure admin access to a multisig wallet, allowing control over the bridge function.
Although the initial unauthorized withdrawals were small, the attacker managed to mint up to $4.5M in unauthorized bridged USDC tokens. The attacker minted collateral tokens, allowing the creation of a loan. The loan was outsized compared to the available liquidity, draining the protocol’s pool in essence.
According to SlowMist, the attacker prepared six days ago by gaining admin access to one of the lending platform’s multisig wallets. While the protocol did not have sufficient liquidity for a major hack, the ability to mint tokens unbacked by a deposit allowed the hacker much bigger leeway when taking out a loan.
CrediX extends series of small-scale attacks
CrediX is a relatively minor lending protocol, locking in just 219.64 SOL. The project aims to build up its growth as Solana-based lending is expanding. The attacked version is fully supported on Sonic, offering P2P lending between small-scale users.
The relatively small-scale hacks follow the attack on SuperRare, which took $730K by exploiting an infrequently used smart contract.
The attack against CrediX shows that even small and relatively obscure protocols are not SAFE when hackers find a way to drain their remaining liquidity.
The CrediX protocol has shown extremely limited activity, with most of the remaining funds locked in USDC tokens.
The attack happened at a time when Sonic bridging was generally highly active. The Sonic chain sees around 20K daily active users, sinking to a lower baseline after the HYPE around its launch. Sonic total value locked has also slid, from around $1B down to $439M.
The Sonic chain suffered a similar hack in May, where an oracle mispricing led to a $700K unauthorized outflow from Vicuna Finance. Sonic has also sparked fears of repeating the fate of Fantom, its earlier incarnation. Fantom was hacked for $200M and lost most of its volumes, later reinventing itself as the Sonic L2 chain.
Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.
