- The attacker gained administrative access six days before the breach.
- They borrowed $2.64 million after minting fake collateral tokens.
- Hacken urges real-time AI monitoring to protect DeFi wallets.
The decentralized finance sector was shaken again by a major exploit — this time targeting CrediX.
The project reportedly lost $4.5 million after an incident enabled by a compromised private key and weaknesses in access governance.
The attacker bridged funds across networks, leveraged administrative privileges, and drained the CrediX Pool by minting collateral tokens.
This breach adds to growing concerns about multisignature wallet security, which has accounted for the majority of crypto losses so far in 2025, contributing to $3.1 billion in total thefts.
Funds bridged from Sonic to Ethereum as platform taken offline
CrediX has taken its website offline to prevent further deposits while the situation is investigated.
Blockchain security firm CertiK confirmed that the stolen funds were bridged from the Sonic network to Ethereum.
The Web3 security monitoring service Cyvers Alerts flagged multiple suspicious transactions on Sonic and traced one Ethereum address that received funds routed through Tornado Cash.
That address bridged funds into Sonic and borrowed roughly $2.64 million from CrediX.
Security teams say those funds were likely extracted using collateral tokens the attacker minted after gaining backdoor access.
Exploitation involved minting tokens with admin and bridge privileges
According to on-chain security provider SlowMist, the attacker was granted manager and bridge roles in the CrediX multisig wallet six days before the exploit.
Those roles were assigned through the protocol’s ACLManager tool.
With bridge-level access, the attacker was able to mint collateral tokens via the CrediX Pool, which they then used to borrow assets and ultimately drain the protocol.
This type of exploitation highlights the critical risks in decentralized governance models, especially when role-based access control is not tightly managed.
Poor oversight in permission assignments — particularly within multisig environments — leaves DeFi protocols highly exposed to both internal and external threats.
Multisig wallets tied to most crypto losses in 2025
The CrediX incident fits a broader trend this year.
A security report from Hacken states that $3.1 billion in crypto was lost in the first half of 2025, with multisignature wallets implicated in the majority of cases.
These wallets were commonly compromised through social engineering, fake interfaces, or misconfigured signer settings.
The largest known exploit this year remains the Bybit incident, in which $1.46 billion was stolen after attackers tricked multisig users with a spoofed interface.
Real-time threat detection becomes a priority, Hacken says
In response to the rising frequency of these incidents, Hacken recommends moving away from one-off security audits.
The firm advocates for real-time, AI-driven security systems that continuously monitor multisig activity and flag anomalous behavior immediately.
Hacken reports that over 80% of this year’s crypto losses stemmed from access control failures.
They urge platforms to implement stricter signer training, enforce rule-based automation, and treat both interfaces and signers as integral parts of the security posture.
Meanwhile, CrediX has stated its goal is to recover the stolen funds within 24–48 hours, though it has not provided additional details at this time.