Advertise
- Nidhi Kolhapur
Nidhi Kolhapur
Nidhi is a Certified Digital Marketing Executive and Passionate crypto Journalist covering the world of alternative currencies. She shares the latest and trending news on Cryptocurrency and Blockchain.
- Reviewed by:
Zafar Naik - Aug 04, 2025 12:47 UTC
-
CrediX Hit by $4.5M Hack, Attacker Bridges Funds to Ethereum
CrediX lost $4.5 million in a multisig exploit after an attacker gained admin access.
The hacker used Tornado Cash and bridged funds from Sonic to Ethereum.
CrediX promises full fund recovery within 48 hours amid security concerns.
The DeFi project CrediX has reportedly been hacked, with losses estimated at $4.5 million. The incident appears to be the result of a private key compromise, which allowed the attacker to gain unauthorized access to the system.
CrediX Hit By Cross-Network Exploit
As a safety step, CrediX has taken its website offline to block new user deposits. Security firm CertiK reported that the stolen funds were moved from the Sonic network to Ethereum. So far, the attackerโs wallet still holds the stolen assets, and there has been no further movement.
Cyvers Alerts, a Web3 security firm, also flagged multiple suspicious transactions on the Sonic network involving CrediX. According to them, an address funded via Tornado Cash on Ethereum bridged funds to Sonic, then borrowed around $2.64 million from CrediX.
Access Flaw Lets Attacker Drain CrediX Pool
On-chain security firm SlowMist notes that six days before the exploit was detected, the attacker was added as both Admin and Bridge to the CrediX Multisig Wallet using the ACLManager. With Bridge-level privileges, the attacker gained direct access to mint collateral tokens through the CrediX Pool.ย
Using the freshly minted tokens, they were able to borrow a large amount of assets from the protocol, ultimately draining the pool. This shows how risky it can get when access and roles are not properly managed in a multisig setup, and highlights how critical governance security is in DeFi systems.
CrediX has assured the users that all funds will be fully recovered within 24โ48 hours.
Multisig Hacks Lead 2025 Losses
According to a report from Hacken, crypto losses hit $3.1 billion in the first half of 2025, and most of it came from multisig wallet failures. These wallets were often exploited through fake interfaces and poor signer management.
The most damaging attack was the $1.46B Bybit hack, where signers were tricked by a spoofed UI.
Hacken Urges Real-Time Multisig Security
More than 80% of all crypto losses this year were caused by access control failures. Hacken now recommends that projects move away from one-time audits and adopt real-time, AI-driven security systems. These tools can track multisig wallet activity, detect abnormal behavior, and provide faster response times.
Hacken also advises that teams treat signers and user interfaces as key elements of the security system, not just technical features. Improved training, stricter automation, and tighter rules are necessary if DeFi platforms want to avoid similar attacks in the future.
Never Miss a Beat in the Crypto World!
Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.
FAQs
The CrediX hack was caused by a private key compromise, allowing the attacker admin and bridge access to drain the pool.
Yes. CrediX has assured users that all stolen funds will be recovered within 24โ48 hours after the exploit.
Major 2025 hacks include $400M from Coinbase, $220M from Cetus, and millions more from BSC, Phemex, and UPCX exploits.
Yes 
No 
