04.08.2025 11:54

Solana-based decentralized finance (DeFi) platform CrediX, specializing in tokenized private credit, suffered a significant exploit on Monday, August 4th, 2025. The attack resulted in the depletion of the protocol's liquidity pool, prompting the immediate shutdown of the CrediX website as a precautionary measure.

Blockchain security firm SlowMist identified the vulnerability. Their analysis revealed that six days prior to the exploit, a malicious actor was granted both administrator and bridge controller access through the platform's ACLManager. This unauthorized elevation of privileges proved crucial in facilitating the subsequent attack.

Leveraging their newly acquired bridge role, the attacker illicitly minted collateral tokens. This fraudulent minting allowed them to borrow substantial assets from the lending pool, effectively draining its liquidity. The resulting exploit prompted CrediX to issue a public statement acknowledging the incident.

Despite the significant security breach, CrediX reassured its users that all funds remain secure and accessible directly via smart contracts. The team pledged a complete recovery of all user funds within 24 to 48 hours, simultaneously initiating a thorough investigation into the incident. This investigation, along with the temporary website closure, aims to prevent further exploitation and ensure the platform's secure restoration.

Prior to this incident, CrediX had secured substantial funding. The platform received $60 million in credit financing, primarily aimed at supporting small and medium-sized enterprises (SMEs) in Latin America. This financing was secured through priority debt financing, a collaboration with a US-based alternative investment management firm, details of which remain undisclosed in this initial report from internet sources.