CrediX Hacker Strikes Deal: $4.5M Returned After Tense Negotiations
In a plot twist straight out of cyber-noir, the rogue behind the CrediX exploit folds under pressure—forking over $4.5 million in recovered funds.
From digital heist to handshake deal
No tearful apologies here—just cold, hard blockchain breadcrumbs leading back to creditors. The hacker’s wallet coughed up the loot after what insiders call 'a negotiation process more tense than a Bitcoin ETF approval hearing.'
Finance’s irony department strikes again: the same decentralized tech that enabled the theft also made the money trail impossible to hide. Maybe next time they’ll try stealing fiat—oh wait, banks still can’t track that either.
How the CrediX hack happened
The attack on CrediX came less than a month after the protocol launched as a real-world asset lending platform, allowing borrowers to receive loans backed by off-chain income and collateral from DeFi lenders.
According to security firm SlowMist, the exploit began nearly a week prior to the attack, when hackers gained unauthorized access to the protocol’s multisig admin and bridge wallets.
With full control over key infrastructure, the attackers minted collateral tokens, borrowed against the protocol, and quickly drained its liquidity. The stolen funds were then bridged from Sonic to Ethereum.
The CrediX hack is the latest in a growing list of DeFi protocols hit by major exploits this year. In July alone, more than $153 million was lost to crypto hacks and scams, pushing total industry losses for 2025 so far above $3.1 billion.
Meanwhile, another recent victim, GMX, which was hacked for $42 million on July 9, also managed to recover stolen funds last month after offering its attacker a 10% bounty.
But even with these successful recoveries, the consistent trend of attacks points to a deeper problem. Despite being labeled as decentralized, many DeFi protocols still rely on centralized controls, such as admin keys, upgradable contracts, and emergency pause functions. These features are now common entry points for attackers, underscoring the need for stronger security and better defense mechanisms.
As of now, CrediX has not confirmed receipt of the funds, and it remains to be seen whether the attacker follows through on the agreement.
