The recent incident involving the hacker behind the $4.5 million CrediX DeFi protocol exploit has taken an unexpected turn. Following successful negotiations with the CrediX protocol team, the hacker has agreed to return the stolen funds within 24 to 48 hours. CrediX announced the agreement on social media, stating that compensation for the hacker will be paid in full by the CrediX treasury, while affected users will receive airdrops of their asset shares.
The compromise that led to this resolution lasted for six days, during which the attackers gained administrative control of CrediX’s multisig wallet and exploited bridge privileges to mint unbacked collateral tokens on the Sonic network. The hacker utilized Tornado Cash-funded addresses to exploit BRIDGE role permissions, allowing them to directly mint acUSDC tokens and borrow against worthless collateral, resulting in a loss of approximately $2.64 million from lending pools.
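
The failure described above (a newly privileged BRIDGE account minting collateral with no matching bridge deposit) is something a monitoring job can flag from event data. The sketch below is an added example, not CrediX code; the event fields, account names, amounts, allowlist and cooldown policy are all constructed assumptions.

```python
# Constructed sample events (not real chain data); field names are assumptions.
EVENTS = [
    {"t": 0,    "kind": "RoleGranted", "role": "BRIDGE", "account": "0xbridge"},
    {"t": 5000, "kind": "BridgeDeposit", "id": "d1", "amount": 50_000},
    {"t": 5010, "kind": "Mint", "minter": "0xbridge", "id": "d1", "amount": 50_000},
    {"t": 9000, "kind": "RoleGranted", "role": "BRIDGE", "account": "0xnew"},
    {"t": 9005, "kind": "Mint", "minter": "0xnew", "id": None, "amount": 1_000_000},
    {"t": 9500, "kind": "Mint", "minter": "0xbridge", "id": "d1", "amount": 50_000},
]
KNOWN_BRIDGES = {"0xbridge"}  # assumed allowlist of expected BRIDGE holders
ROLE_COOLDOWN = 3600          # assumed policy: no minting for 1h after a grant

def audit(events, known=KNOWN_BRIDGES, cooldown=ROLE_COOLDOWN):
    """Return (time, alert, account) tuples for suspicious grants and mints."""
    granted = {}   # account -> time the BRIDGE role was granted
    deposits = {}  # deposit id -> amount deposited but not yet minted
    alerts = []
    for e in sorted(events, key=lambda ev: ev["t"]):
        if e["kind"] == "RoleGranted" and e["role"] == "BRIDGE":
            granted[e["account"]] = e["t"]
            if e["account"] not in known:
                alerts.append((e["t"], "unexpected-role-grant", e["account"]))
        elif e["kind"] == "BridgeDeposit":
            deposits[e["id"]] = deposits.get(e["id"], 0) + e["amount"]
        elif e["kind"] == "Mint":
            who, amount = e["minter"], e["amount"]
            if who not in granted:
                alerts.append((e["t"], "mint-without-role", who))
            elif e["t"] - granted[who] < cooldown:
                alerts.append((e["t"], "mint-by-fresh-role", who))
            # Every mint must consume an equal amount of deposited backing.
            backing = deposits.get(e["id"], 0)
            if amount > backing:
                alerts.append((e["t"], "unbacked-mint", who))
            else:
                deposits[e["id"]] = backing - amount
    return alerts

if __name__ == "__main__":
    for alert in audit(EVENTS):
        print(alert)
```

The last constructed event shows why the deposit balance is decremented: a second mint that reuses an already consumed deposit id is flagged as unbacked even though the minter is a long-standing, allowlisted account.
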
This incident is part of a larger trend in 2025, where DeFi protocols have been experiencing a significant increase in security breaches. Despite the rising number of exploits, there have been instances where protocols have successfully negotiated with hackers for the return of stolen funds. This contrasts with the overall security record of 2025, which has seen $2.29 billion in net losses across 344 incidents in the first half of the year.
Security experts caution against relying on hackers’ goodwill for the return of stolen funds, emphasizing the importance of proactive security measures. Mitchell Amador, CEO of Immunefi, warns that most exploited projects suffer permanent devaluation beyond initial losses and criticizes reactive security measures like bug bounties launched only after a hack.
The successful negotiations between DeFi protocols and hackers highlight the importance of prevention as a key security strategy. Amador advocates for unified security stacks that integrate AI-powered agents for constant vulnerability scanning and immediate threat detection. He warns that inadequate bug bounty rewards and slow response programs may discourage legitimate security researchers and potentially turn warnings into actual attacks.
Despite the challenges posed by security breaches, efforts to recover stolen funds have been ongoing. Recovery efforts have returned $187 million through law enforcement action, white-hat agreements, and exchange cooperation during the first half of 2025. However, net losses still total approximately $2.29 billion, with average incident losses reaching $7.1 million despite partial recovery successes.
In conclusion, the recent agreement between CrediX and the hacker highlights the evolving landscape of DeFi security and the importance of proactive measures to prevent future exploits. By learning from past incidents and implementing robust security protocols, DeFi protocols can better protect their users and assets from malicious actors.

