The post CrediX Hit by $4.5M Hack, Attacker Bridges Funds to Ethereum appeared first on Coinpedia Fintech News
The DeFi project CrediX has reportedly been hacked, with losses estimated at $4.5 million. The incident appears to be the result of a private key compromise, which allowed the attacker to gain unauthorized access to the system.
CrediX Hit By Cross-Network Exploit
As a safety step, CrediX has taken its website offline to block new user deposits. Security firm CertiK reported that the stolen funds were moved from the Sonic network to Ethereum. So far, the attacker’s wallet still holds the stolen assets, and there has been no further movement.
Cyvers Alerts, a Web3 security firm, also flagged multiple suspicious transactions on the Sonic network involving CrediX. According to them, an address funded via Tornado Cash on Ethereum bridged funds to Sonic, then borrowed around $2.64 million from CrediX.
Access Flaw Lets Attacker Drain CrediX Pool
On-chain security firm SlowMist notes that six days before the exploit was detected, the attacker was added as both Admin and Bridge to the CrediX Multisig Wallet using the ACLManager. With Bridge-level privileges, the attacker gained direct access to mint collateral tokens through the CrediX Pool.
Using the freshly minted tokens, they were able to borrow a large amount of assets from the protocol, ultimately draining the pool. This shows how risky it can get when access and roles are not properly managed in a multisig setup, and highlights how critical governance security is in DeFi systems.
CrediX has assured the users that all funds will be fully recovered within 24–48 hours.
Multisig Hacks Lead 2025 Losses
According to a report from Hacken, crypto losses hit $3.1 billion in the first half of 2025, and most of it came from multisig wallet failures. These wallets were often exploited through fake interfaces and poor signer management.
The most damaging attack was the $1.46B Bybit hack, where signers were tricked by a spoofed UI.
Hacken Urges Real-Time Multisig Security
More than 80% of all crypto losses this year were caused by access control failures. Hacken now recommends that projects move away from one-time audits and adopt real-time, AI-driven security systems. These tools can track multisig wallet activity, detect abnormal behavior, and provide faster response times.
Hacken also advises that teams treat signers and user interfaces as key elements of the security system, not just technical features. Improved training, stricter automation, and tighter rules are necessary if DeFi platforms want to avoid similar attacks in the future.
