The DeFi sector has once again been thrown into turmoil as CrediX falls victim to a major exploit, resulting in a staggering $4.5 million loss. The attack, facilitated by a compromised private key and governance access vulnerabilities, has raised alarms within the crypto community.
The assailant managed to bridge funds across networks, exploit administrative privileges, and drain the CrediX Pool by minting fake collateral tokens. This incident has heightened concerns surrounding the security of multisig wallets, which have accounted for a significant portion of the $3.1 billion in crypto losses recorded in 2025.
Following the breach, CrediX swiftly took its platform offline to prevent further deposits. CertiK, a blockchain security firm, confirmed that the stolen funds were transferred from the Sonic network to Ethereum. Cyvers Alerts, a Web3 security platform, identified suspicious transactions on Sonic and linked one address to Tornado Cash on Ethereum; that address was used to bridge funds and borrow approximately $2.64 million from CrediX.
The attacker exploited their newly acquired Admin and Bridge roles within the CrediX Multisig Wallet, granted just six days prior to the exploit. With Bridge-level access, the attacker minted collateral tokens through the CrediX Pool, subsequently borrowing assets and draining the protocol. This breach underscores the critical risks associated with decentralized governance models and role-based access control.
The CrediX incident is part of a broader trend in 2025, with a report by security firm Hacken revealing that the majority of the $3.1 billion in crypto losses this year involved multisig wallets. These wallets were compromised through various means, such as social engineering tactics, fake interfaces, or misconfigured signer setups. The largest known attack this year remains the $1.46 billion Bybit exploit, where attackers deceived multisig signers using a spoofed interface.
In response to the escalating frequency of such incidents, Hacken emphasizes the importance of real-time, AI-based security systems for monitoring multisig activity and detecting abnormal behavior instantly. With over 80% of crypto losses attributed to access control failures, Hacken advocates for stricter signer training, tighter rule-based automation, and a heightened focus on the security of interfaces and signers.
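The grant-then-mint sequence described above, and the rule-based monitoring Hacken recommends, can be written as a small detection rule over decoded contract events. This is an added example, not code from CrediX, Hacken or the article; the event schema, addresses, dates, the 14-day window and the assumption that only the Bridge role may mint are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed policy values, not taken from the article or from CrediX.
FRESH_ROLE_WINDOW = timedelta(days=14)   # how long a new grant counts as "fresh"
MINT_ROLES = {"BRIDGE"}                  # roles assumed able to mint collateral
CONFLICTING = {"ADMIN", "BRIDGE"}        # roles one account should not hold together

# Constructed sample events in a hypothetical, already-decoded schema.
SAMPLE_EVENTS = [
    {"ts": "2025-01-02T10:00:00", "type": "RoleGranted", "role": "BRIDGE", "account": "0xOLDBRIDGE"},
    {"ts": "2025-03-01T09:00:00", "type": "RoleGranted", "role": "ADMIN", "account": "0xNEWSIGNER"},
    {"ts": "2025-03-01T09:05:00", "type": "RoleGranted", "role": "BRIDGE", "account": "0xNEWSIGNER"},
    {"ts": "2025-03-03T12:00:00", "type": "Mint", "account": "0xOLDBRIDGE", "amount": 1_000},
    {"ts": "2025-03-07T08:30:00", "type": "Mint", "account": "0xNEWSIGNER", "amount": 5_000_000},
    {"ts": "2025-03-07T08:31:00", "type": "Mint", "account": "0xNOROLE", "amount": 10},
]

def detect(events, window=FRESH_ROLE_WINDOW):
    """Return (rule, account, timestamp) alerts for role grants and mints."""
    grants = {}   # account -> {role: time the role was granted}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        if ev["type"] == "RoleGranted":
            held = grants.setdefault(acct, {})
            held[ev["role"]] = ts
            # Separation of duties: one key holding both roles is a single point of failure.
            if CONFLICTING.issubset(held):
                alerts.append(("conflicting-roles", acct, ev["ts"]))
        elif ev["type"] == "Mint":
            mint_grants = [t for r, t in grants.get(acct, {}).items() if r in MINT_ROLES]
            if not mint_grants:
                alerts.append(("mint-without-role", acct, ev["ts"]))
            elif ts - max(mint_grants) <= window:
                # A mint a few days after the grant mirrors the six-day gap in the article.
                alerts.append(("mint-by-fresh-role", acct, ev["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The long-standing bridge account mints without an alert, while the account granted both roles days earlier trips two rules before any borrowing would occur.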
CrediX has pledged to recover the stolen funds within 24–48 hours, though further details are yet to be disclosed. As the DeFi landscape continues to evolve, the need for robust security measures and proactive threat detection mechanisms becomes increasingly paramount to safeguard user funds and maintain trust within the ecosystem.

