🚨 BREAKING: $4.5M EXPLOIT ALERT 🚨

Thread 1/4

@CrediX_fi on #Sonic lost ~$4.5M after their multi-sig account was compromised and a malicious admin (0xF32168) was added to the ACL Manager contract. The attacker exploited admin privileges to drain funds, which have already been bridged to #Ethereum.

❌ Multi-sig compromised
❌ Malicious admin added
❌ Funds bridged to #Ethereum

This is why multi-sig security matters 👇

🧵Thread below with full breakdown + how to protect yourself

#DeFiSecurity #CryptoSecurity

Credix seems to have had a security breach. We are investigating and will share details soon.

Thread 2/4

⚡ WHAT HAPPENED:
- CrediX multi-sig wallet compromised
- Attacker added malicious admin (0xF32168...) to ACL Manager
- Used admin rights to mint fake acUSDC tokens
- Drained $4.5M from lending pools
- Funds already moved cross-chain to Ethereum

Thread 3/4

🛡️ PROTECT YOURSELF:

Projects:
✅ Verify EVERY multi-sig transaction
✅ Use hardware wallets for multi-sig keys
✅ Implement time-delays for admin changes

Users:
✅ Move funds from affected protocols NOW
✅ Follow official channels only
✅ Never ignore security warnings

Stay safe out there 🙏

Thread 4/4 🔍 TECHNICAL DETAILS #1: The CrediX multi-sig account added a malicious admin account to the contract's ACL Manager through a transaction, specifically 0xF321683831Be16eeD74dfA58b02a37483cEC662e
🔍 TECHNICAL DETAILS #2: The attacker leveraged admin privileges to mint credential tokens acUSDC.
🔍 TECHNICAL DETAILS #3: Finally, they continuously borrowed tokens from the fund pool, ultimately causing approximately $4.5 million in losses.
🎯Attacker address: 0xF321683831Be16eeD74dfA58b02a37483cEC662e
🎯Attacked contract: 0x0850A9759165B25832E2cAa3dB3f2d04dc583D4E
🎯Attack transactions: Through multiple cross-chain transactions, assets were transferred cross-chain to:

⚠️Another reminder: Multi-sig ≠ Multi-safe
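
A monitoring check for the admin-addition step described in the thread, as an added example that is not part of the original thread or CrediX's code. It assumes the ACL Manager emits OpenZeppelin AccessControl's `RoleGranted(bytes32,address,address)` event; the ACL Manager and multi-sig addresses, transaction hashes and log entries are constructed placeholders, and only the grantee address in the second log comes from the thread.

```python
# Flag role grants on an ACL Manager whose grantee is not on an approved list.
# Assumption: the contract emits OpenZeppelin AccessControl's RoleGranted event.
ROLE_GRANTED = "0x2f8788117e7eff1d82e926ec794901d17c78024a50270940304540a733656f0d"

ACL_MANAGER = "0x" + "00" * 19 + "ac"   # placeholder, not the real contract
MULTISIG = "0x" + "00" * 19 + "51"      # placeholder multi-sig address
ADDED_ADMIN = "0xF321683831Be16eeD74dfA58b02a37483cEC662e"  # address named in the thread
APPROVED = {MULTISIG}                   # grantees the team has signed off on

def pad(addr):
    """Encode an address the way an indexed topic carries it (32 bytes)."""
    return "0x" + "00" * 12 + addr[2:].lower()

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20."""
    raw = topic[2:]
    if len(raw) != 64 or int(raw[:24], 16) != 0:
        raise ValueError("not a padded address topic")
    return "0x" + raw[24:].lower()

def unexpected_role_grants(logs, acl_manager, approved):
    approved = {a.lower() for a in approved}
    findings = []
    for log in logs:
        topics = log.get("topics", [])
        if log.get("address", "").lower() != acl_manager.lower():
            continue                    # event from some other contract
        if len(topics) != 4 or topics[0].lower() != ROLE_GRANTED:
            continue                    # not a RoleGranted event
        account = topic_to_address(topics[2])
        if account not in approved:
            findings.append({"tx": log["transactionHash"], "role": topics[1],
                             "account": account,
                             "sender": topic_to_address(topics[3])})
    return findings

ADMIN_ROLE = "0x" + "00" * 32           # OpenZeppelin DEFAULT_ADMIN_ROLE
SAMPLE_LOGS = [                         # constructed, eth_getLogs-shaped entries
    {"address": ACL_MANAGER, "transactionHash": "0x" + "a1" * 32,
     "topics": [ROLE_GRANTED, ADMIN_ROLE, pad(MULTISIG), pad(MULTISIG)]},
    {"address": ACL_MANAGER, "transactionHash": "0x" + "b2" * 32,
     "topics": [ROLE_GRANTED, ADMIN_ROLE, pad(ADDED_ADMIN), pad(MULTISIG)]},
    {"address": "0x" + "00" * 19 + "ee", "transactionHash": "0x" + "c3" * 32,
     "topics": [ROLE_GRANTED, ADMIN_ROLE, pad(ADDED_ADMIN), pad(MULTISIG)]},
    {"address": ACL_MANAGER, "transactionHash": "0x" + "d4" * 32,
     "topics": ["0x" + "11" * 32, ADMIN_ROLE, pad(ADDED_ADMIN), pad(MULTISIG)]},
]

if __name__ == "__main__":
    for f in unexpected_role_grants(SAMPLE_LOGS, ACL_MANAGER, APPROVED):
        print("ALERT unapproved role grant:", f)
```

The flagged grant has the multi-sig itself as `sender`, so a rule that only trusts the sender would pass it; the check has to be on the grantee.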