The team behind the decentralized finance (DeFi) protocol CrediX Finance seems to have disappeared following a $4.5 million exploit that drained funds from the platform, raising suspicions of an exit scam.
On Monday, blockchain security firms flagged the exploit and determined that crypto assets worth $4.5 million had been taken from the platform. In response, the DeFi protocol paused its website to prevent users from depositing any more funds.
Blockchain security firm SlowMist wrote that six days before the exploit, the attackers accessed the protocol’s multisig admin and bridge wallets. The access was used to mint crypto that was used as collateral to drain the DeFi protocol’s liquidity pools.
On Friday, the platform’s official X account went dark. Its website has remained offline since Monday, when the exploit occurred. The company’s official Telegram account has also vanished, without any further announcements.
DeFi protocol vanishes after promising reimbursements
In a now inaccessible X post, CrediX Finance said on Tuesday that it had convinced the exploiter to return the funds in the next two days in return for money paid by the protocol’s treasury.
The company said it would fully reimburse its users for the funds lost from the hack through an airdrop.
“Reached successful parley with the exploiter who agreed to return the funds within the next 24-48 hours in return for money fully paid by the credix treasury,” CrediX said.
However, since then, the company has gone silent, deleting all of its official platforms.
Related: Top 100 DeFi Hacks: Offchain attack vectors account for 57% of losses
Stability DAO to name two members of CrediX Finance
Decentralized autonomous organization Stability DAO announced to its users that it is preparing a formal legal report. According to the Stability DAO team, it contacted affected teams, including Sonic Labs, Euler, Beets and Trevee (previously Rings Protocol).
They will work together with the authorities, hoping to recover the lost funds. “Our teams are collaborating to gather all evidence, trace the funds and coordinate with relevant legal and cybercrime units,” the Stability DAO team wrote.
The DAO said it will share a full incident report with the community, outlining what happened and what steps were being taken. The DAO also said it obtained CrediX KYC for two of their team members and that they will be added to the legal report.
Trevee said the hack indirectly impacted it through its $1.6 million scUSD loan to Stability’s metaUSD, which became fully exposed to CrediX after a bank run.
The team said it had cut its exposure to over $700,000. In response, the protocol paused the minting of its stkscUSD asset and set a new backing price.
Magazine: How Ethereum treasury companies could spark ‘DeFi Summer 2.0’
