- The attacker obtained administrator access six days before the exploit.
- About $2.64 million was borrowed after minting fake collateral tokens.
- Hacken urges real-time AI monitoring to secure DeFi multisig wallets.
The decentralized finance sector was hit again by a major exploit, this time targeting CrediX.
Reports indicate the project lost $4.5 million following a private key compromise and governance access failures.
The attacker bridged funds across networks, leveraged administrative access, and drained the CrediX Pool using minted collateral tokens.
The incident has intensified concerns over multisig wallet security, a factor behind much of the $3.1 billion in crypto losses reported so far in 2025.
Funds bridged from Sonic to Ethereum as platform goes offline
CrediX has taken its website offline to prevent further deposits.
Blockchain security firm CertiK confirmed the stolen funds were transferred from the Sonic network to Ethereum.
Security platform Cyvers Alerts flagged multiple suspicious transactions on Sonic and traced an address that received funds routed through Tornado Cash on Ethereum.
That address bridged funds into Sonic and borrowed approximately $2.64 million from CrediX.
Evidence suggests these assets were extracted using collateral tokens the attacker minted after gaining backdoor access.
Minting exploit enabled by admin and bridge privileges
According to SlowMist, an on-chain security provider, the attacker was assigned admin and bridge roles within the CrediX Multisig Wallet six days before the exploit.
Those roles were granted via the protocol’s ACLManager.
With Bridge-level privileges, the attacker minted collateral tokens through the CrediX Pool, then used those tokens to borrow assets and ultimately drain the protocol.
This type of exploit highlights a critical vulnerability in decentralized governance models, especially when access control is role-based.
Poor oversight in privilege assignment—particularly in multisig environments—leaves DeFi protocols highly exposed to both internal and external compromises.
Multisig wallets linked to most crypto losses in 2025
The CrediX breach fits a broader pattern this year.
A report from security firm Hacken found $3.1 billion in crypto losses in the first half of 2025, with multisig wallets accounting for the majority of incidents.
These wallets are frequently breached through social engineering, fake interfaces, or misconfigured signer setups.
The largest known exploit so far in 2025 remains the Bybit incident, where attackers used a spoofed interface to trick multisig signers and steal $1.46 billion.
Real-time threat detection becomes a priority, says Hacken
In light of rising incidents, Hacken recommends moving beyond one-off security audits.
The firm advocates for real-time, AI-driven monitoring systems that observe multisig activity continuously and flag abnormal behavior immediately.
Hacken states that more than 80% of crypto losses this year stemmed from access control failures.
The company urges platforms to enforce stricter training for signers, deploy rule-based automation, and treat both signer interfaces and signer configurations as core components of system security.
CrediX has said it aims to recover the stolen funds within 24 to 48 hours, though no further details have been provided at this time.