Sonic-based decentralized finance (DeFi) protocol CrediX Finance was taken offline after being struck by a $4.5 million exploit.
The protocol, which has been live for less than a month, revealed there was a “security breach” at 9:10 UTC on Monday. The website was taken offline to prevent users from depositing.
Blockchain security firm CertiK said all the stolen funds were bridged from Sonic to Ethereum and now sit in three separate wallets.
The method of attack remains is unclear but it’s worth noting that multi-sig wallet breaches became the most common attack vector in the first half of 2025, contributing to a total of $3.1 billion lost to hacks during that period.
“All users funds will be recovered in full within 24-48 hours,” CrediX wrote on X to quell the concerns of investors who were unable to access the website.