- The attacker obtained administrator access six days before the exploit.
- The attacker borrowed $2.64 million after minting fake security tokens.
- Security firm urges real-time AI monitoring for DeFi wallet security.
The decentralized finance sector has been hit again by a major breach—this time targeting CrediX.
The project reportedly lost $4.5 million after an attack made possible by a compromised private key and governance access misconfigurations.
The attacker bridged funds across networks, exploited administrative privileges, and drained the CrediX Pool by minting counterfeit security tokens.
This incident has intensified concerns about the security of multisig wallets, which have been implicated in most of the $3.1 billion in crypto losses so far in 2025.
Funds bridged from Sonic to Ethereum as platform taken offline
CrediX has taken its website offline to prevent further deposits.
Blockchain security firm CertiK confirmed that the stolen funds were bridged from the Sonic network to Ethereum.
Web3 security platform Cyvers Alerts flagged several suspicious transactions on Sonic and traced one address that was funded via Tornado Cash on Ethereum.
That address bridged funds into Sonic and borrowed roughly $2.64 million from CrediX.
Those funds were likely extracted using security tokens the attacker minted after gaining backdoor access.
Admin access and bridge privileges enabled token mint exploit
According to SlowMist, an on-chain security provider, the attacker was granted Admin and Bridge roles in the CrediX multisig wallet six days before the exploit.
These roles were assigned using the protocol’s ACLManager.
With Bridge-level privileges, the attacker was able to create security tokens through the CrediX Pool, which were then used to borrow assets and ultimately drain the protocol.
This form of exploitation highlights a critical vulnerability in decentralized governance models, particularly around role-based access control.
Insufficient oversight when granting privileges—especially in multisig environments—leaves DeFi protocols highly exposed to internal or external compromises.
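The role grants described above sat in place for six days before the funds moved. The following Python example, added here and not taken from CrediX, SlowMist or Hacken, replays role grant and revoke events and reports accounts that hold an Admin or Bridge role without being on an approved list. The event record shape, role labels, addresses and dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Role labels and the event record shape are assumptions, not CrediX's schema.
SENSITIVE_ROLES = {"ADMIN", "BRIDGE"}

@dataclass(frozen=True)
class RoleEvent:
    kind: str       # "granted" or "revoked"
    role: str
    account: str
    at: datetime

def unapproved_holders(events, approved, now):
    """Replay events in time order; report unapproved current holders of sensitive roles."""
    held = {}  # (account, role) -> time of the grant still in effect
    for ev in sorted(events, key=lambda e: e.at):
        if ev.role not in SENSITIVE_ROLES:
            continue
        key = (ev.account.lower(), ev.role)
        if ev.kind == "granted":
            held.setdefault(key, ev.at)
        elif ev.kind == "revoked":
            held.pop(key, None)
    by_account = {}
    for (account, role), at in held.items():
        if account not in approved.get(role, set()):
            by_account.setdefault(account, {})[role] = at
    findings = [{
        "account": account,
        "roles": sorted(roles),
        "exposure_days": (now - min(roles.values())).days,
        "severity": "critical" if len(roles) > 1 else "high",  # both roles held together
    } for account, roles in by_account.items()]
    return sorted(findings, key=lambda f: -f["exposure_days"])

def jan(day, hour=0):
    return datetime(2025, 1, day, hour, tzinfo=timezone.utc)

# Constructed sample events; addresses and dates are placeholders.
SAMPLE_EVENTS = [
    RoleEvent("granted", "ADMIN", "0xAAA1", jan(1)),
    RoleEvent("granted", "BRIDGE", "0xBBB2", jan(2)),
    RoleEvent("revoked", "BRIDGE", "0xBBB2", jan(3)),
    RoleEvent("granted", "ADMIN", "0xCCC3", jan(4)),
    RoleEvent("granted", "BRIDGE", "0xCCC3", jan(4, 1)),
    RoleEvent("granted", "BRIDGE", "0xDDD4", jan(9)),
]
APPROVED = {"ADMIN": {"0xaaa1"}, "BRIDGE": set()}
```

Run against the sample with `now` set to `jan(10)`, the account holding both roles is reported first with six days of exposure, and the revoked and approved grants are not reported.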
Multisig wallets linked to most crypto losses in 2025
The CrediX incident fits a wider pattern observed this year.
A report from security firm Hacken states that $3.1 billion in crypto was lost in the first half of 2025, with the majority of cases involving multisig wallets.
These wallets were frequently breached through social engineering, fake interfaces, or misconfigured signer setups.
The largest known exploit this year remains the Bybit breach, at $1.46 billion, where attackers tricked multisig signers using a forged interface.
Real-time threat detection now a priority, says Hacken
In response to the rising number of such incidents, Hacken recommends moving beyond one-off security audits.
The firm advocates for real-time, AI-driven security systems that continuously monitor multisig activity and immediately flag anomalous behavior.
Hacken reports that more than 80% of this year’s crypto losses stemmed from access control failures.
The company urges platforms to implement stronger signer training, enforce stricter rule-based automation, and treat user interfaces and signers as integral components of overall system security.
Meanwhile, CrediX has stated it aims to recover the stolen funds within 24–48 hours, though no further details have been disclosed at this time.