CrediX DeFi Protocol Hacked: Admin Rights Breached, Liquidity Pool Drained

Another day, another DeFi exploit—this time CrediX takes the hit. A hacker just pulled off the crypto heist of the week, hijacking admin privileges and bleeding the protocol dry.

How? By exploiting what appears to be a privilege escalation flaw—turning a minor vulnerability into a full-blown backdoor. The attacker didn’t just sneak in; they waltzed through the front gate with stolen keys.

Liquidity pools? Emptied. Governance controls? Overridden. The protocol’s so-called 'decentralized' security? A punchline now. Yet another reminder that in DeFi, 'trustless' often just means 'trust us, we’ll get hacked eventually.'

No numbers disclosed yet—because why would CrediX admit how much vanished? But one thing’s clear: until projects start prioritizing security over hype, these headlines won’t stop. Stay skeptical, folks.

Blockchain security firms SlowMist and PeckShield identified that the attacker used Tornado Cash-funded addresses to bridge funds to the Sonic network before exploiting the BRIDGE role to mint acUSDC tokens directly.

The hacker then borrowed large amounts against the worthless collateral, draining approximately $2.64 million from the protocol’s lending pools.

Attack Mirrors Previous Exchange Exploits Using Admin Compromise

The CrediX exploit follows a pattern established by major crypto hacks, including the $234 million WazirX breach in July 2024. Both attacks involved compromised administrative access that bypassed normal security measures through legitimate-appearing transactions from authorized accounts.

Security analysis revealed that the attacker’s address 0xF321***662e held extensive privileges across CrediX’s infrastructure.

The POOL_ADMIN, BRIDGE, ASSET_LISTING_ADMIN, EMERGENCY_ADMIN, and RISK_ADMIN roles provided comprehensive control over protocol operations and asset management.

Today's @CrediX_fi hack is due to compromised admin account 0xF321683831Be16eeD74dfA58b02a37483cEC662e, which has a number of roles, including POOL_ADMIN, BRIDGE, ASSET_LISTING_ADMIN, EMERGENCY_ADMIN, and RISK_ADMIN.

And the BRIDGE role is abused to drain/borrow pool assets… https://t.co/JGuLmh8zWu pic.twitter.com/0jmAuvtcJv

The bridge role abuse allowed direct minting of collateral tokens without backing assets, creating artificial value that supported massive borrowing positions.

After draining the pools, most stolen funds were bridged back to the ethereum mainnet with no subsequent movement detected by monitoring systems. CrediX immediately disabled its website to prevent additional user deposits while directing existing users to withdraw funds directly through smart contracts.

The protocol had previously secured a $60 million credit line in 2023, making it a major player in institutional DeFi lending markets.

The attack methodology resembles the WazirX hack, where malicious actors manipulated multisig wallet interfaces to trick authorized signers into approving compromised smart contract upgrades.

Both incidents Leveraged open vulnerabilities in known administrative access controls and multisig security implementations.

Crypto Security Deteriorates Amid Rising Exploit Frequency

The CrediX breach adds to crypto’s devastating 2025 security record, with July losses reaching $142 million across 17 major incidents, according to PeckShield data.

July crypto hack losses surge 27% to $142 million with CoinDCX's $44 million insider breach and GMX's $42 million exploit leading victims.#July #CryptoHackhttps://t.co/4UCMKaxUvI

The 27.2% increase from June’s $111.6 million reversed a temporary decline in hack-related losses.

Major July exploits included Indian exchange CoinDCX losing $44.2 million through insider involvement and GMX protocol suffering $42 million in re-entrancy attacks.

The CoinDCX incident involved employee Rahul Agarwal, whose compromised laptop provided hackers with system access after receiving malicious files from German contacts.

Physical violence against crypto holders escalated alongside digital attacks, with 32 “wrench attacks” reported globally in 2025.

For example, France experienced nearly one-third of incidents, including kidnapping attempts targeting crypto executives and their family members, with ransom demands reaching €7 million.

Crypto investors also lost over $2.2 billion in 2025’s first half through 344 separate incidents, already exceeding all of 2024’s security losses. Wallet-related breaches accounted for $1.7 billion across 34 attacks, while phishing scams stole $410 million in 132 incidents.

The WazirX exchange remains in legal proceedings following its 2024 hack, with Singapore’s High Court recently allowing creditor revoting on an amended restructuring plan. The court reversal provides hope for affected users who have been unable to access funds for nearly one year.

Recovery efforts across all 2025 incidents have returned $187 million through law enforcement action, white-hat agreements, and exchange cooperation.

However, net losses still total approximately $2.29 billion with an average incident loss of $7.1 million.

For CrediX, the protocol has announced a full refund for all affected users within 24-48 hours, with a post-mortem report expected to be released after restoration.

All users funds will be recovered in full within 24-48 hours