04.08.2025 16:59

CrediX Finance, a relatively new decentralized finance (DeFi) lending protocol, suffered a significant setback on August 4th, 2025, when hackers exploited a vulnerability in its system, resulting in a $4.5 million loss. The protocol, launched just a month prior, was abruptly taken offline following the incident.

Blockchain security firm SlowMist reported that the attackers cleverly infiltrated CrediX Finance's multi-signature (multisig) admin and bridge wallets six days before the heist. Exploiting a flaw in access control, they added themselves as both an administrator and a bridge operator. This strategic maneuver allowed them to mint a substantial quantity of collateral tokens.

Leveraging these newly minted tokens, the hackers then proceeded to borrow significant amounts of cryptocurrency from the protocol's liquidity pool, effectively draining its funds. CertiK, another prominent security firm, corroborated SlowMist's findings, independently confirming the approximate $4.5 million loss. The stolen funds were subsequently bridged from the Sonic (S) blockchain to the Ethereum (ETH) network.

This attack highlights the ongoing security challenges facing the DeFi ecosystem. The incident underscores the vulnerabilities inherent in protocols, particularly those with centralized control mechanisms, and the need for rigorous security audits and robust access control measures. The attack on CrediX Finance is just one of several significant DeFi exploits in recent months; July 2025 alone saw approximately $153 million lost to exploits and scams, according to CertiK, highlighting a concerning trend within the DeFi space. This figure includes $86.6 million in exchange-related incidents and $55.4 million attributed to code vulnerabilities, demonstrating the diverse range of threats impacting the industry.