🚨 CrediX Exploited for $4.5M: Hacker Bridges Stolen Funds to Ethereum

Another day, another crypto heist—this time CrediX takes a $4.5M hit. The attacker didn’t just vanish into the blockchain ether; they bridged the loot straight to Ethereum. Because why not add insult to injury?

Anatomy of a Hack

No fancy jargon here: Someone found a hole, drained funds, and pulled off a clean getaway. The move to Ethereum? A calculated play—liquidity’s better, and let’s face it, laundering’s easier.

DeFi’s Recurring Nightmare

Audits? Overrated. Security? Optional. The hacker’s bridge to Ethereum proves yet again that decentralized finance is just a high-stakes game of whack-a-mole. TradFi might be slow, but at least their vaults aren’t digital sieves.

What Now?

CrediX users left holding the bag while the attacker sips margaritas—funds likely already swapped for privacy coins or real estate. Meanwhile, the ‘code is law’ crowd gets another reality check. Stay paranoid out there.

The DeFi project CrediX has reportedly been hacked, with losses estimated at $4.5 million. The incident appears to be the result of a private key compromise, which allowed the attacker to gain unauthorized access to the system. 

Credix seems to have had a security breach. We are investigating and will share details soon

CrediX Hit By Cross-Network Exploit

As a safety step, CrediX has taken its website offline to block new user deposits. Security firm CertiK reported that the stolen funds were moved from the Sonic network to Ethereum. So far, the attacker’s wallet still holds the stolen assets, and there has been no further movement.

Cyvers Alerts, a Web3 security firm, also flagged multiple suspicious transactions on the Sonic network involving CrediX. According to them, an address funded via Tornado Cash on ethereum bridged funds to Sonic, then borrowed around $2.64 million from CrediX.

ALERTOur system has detected multiple suspicious transactions on the #Sonic network involving @CrediX_fi.

An address funded by @TornadoCash on the #ETH network bridged funds to the #Sonic network and borrowed approximately 2.64M from @CrediX_fi.

Most of these funds have… pic.twitter.com/vK2y21Vhu9

Access Flaw Lets Attacker Drain CrediX Pool

On-chain security firm SlowMist notes that six days before the exploit was detected, the attacker was added as both Admin and Bridge to the CrediX Multisig Wallet using the ACLManager. With Bridge-level privileges, the attacker gained direct access to mint collateral tokens through the CrediX Pool. 

Using the freshly minted tokens, they were able to borrow a large amount of assets from the protocol, ultimately draining the pool. This shows how risky it can get when access and roles are not properly managed in a multisig setup, and highlights how critical governance security is in DeFi systems.

All users funds will be recovered in full within 24-48 hours

CrediX has assured the users that all funds will be fully recovered within 24–48 hours. 

Multisig Hacks Lead 2025 Losses

According to a report from Hacken, crypto losses hit $3.1 billion in the first half of 2025, and most of it came from multisig wallet failures. These wallets were often exploited through fake interfaces and poor signer management.

The most damaging attack was the $1.46B Bybit hack, where signers were tricked by a spoofed UI.

Hacken Urges Real-Time Multisig Security

More than 80% of all crypto losses this year were caused by access control failures. Hacken now recommends that projects MOVE away from one-time audits and adopt real-time, AI-driven security systems. These tools can track multisig wallet activity, detect abnormal behavior, and provide faster response times.

Hacken also advises that teams treat signers and user interfaces as key elements of the security system, not just technical features. Improved training, stricter automation, and tighter rules are necessary if DeFi platforms want to avoid similar attacks in the future.