DeFi platform CrediX Finance has disappeared from the web following a $4.5 million exploit that drained its liquidity pools, prompting suspicions of a coordinated exit scam. The incident was first flagged on Monday by blockchain security firms, who found that the attackers gained control of the protocol’s multisig admin and bridge wallets six days prior. Using this access, they minted new tokens, posted them as collateral, and then siphoned liquidity from CrediX’s pools. In response, CrediX immediately took its website offline to prevent additional deposits. But within days, the situation escalated. On Friday, the project’s official X account went silent, the website stayed down, and its Telegram channel was deleted.
Before vanishing, CrediX Finance issued a now-deleted statement claiming it had negotiated with the hacker. In the post, the team said the exploiter had agreed to return the stolen funds within 24-48 hours in exchange for a payment from the protocol’s treasury. CrediX also promised to fully reimburse all affected users via an airdrop. The deleted post read:
Reached successful parley with the exploiter who agreed to return the funds within the next 24-48 hours in return for money fully paid by the credix treasury.
No reimbursement took place. Instead, the project’s communication channels vanished, leaving investors with no official updates.
The collapse of CrediX has triggered wider concern in the DeFi ecosystem. Stability DAO, which was indirectly affected through exposure to CrediX assets, has stepped in to coordinate a response.
The DAO announced that it had identified two CrediX team members through know-your-customer information and would include them in a formal legal report.
Stability DAO is now working with other affected projects, including Sonic Labs, Euler, Beets, and Trevee, to trace the stolen funds and cooperate with law enforcement and cybercrime units. Stability DAO stated:
Our teams are collaborating to gather all evidence, trace the funds and coordinate with relevant legal and cybercrime units.
Trevee, one of the impacted protocols, reported that it had a $1.6 million loan to Stability’s metaUSD, which became fully exposed to CrediX after a bank run. The team has since reduced that exposure to just over $700,000 and paused the minting of its stkscUSD asset, setting a new backing price to stabilize the situation.
The incident underscores the ongoing vulnerabilities in DeFi, particularly around multisig wallet security and off-chain coordination, and raises fresh questions about how much trust can be placed in anonymous teams.
