CrediX has recovered $4.5 million in stolen cryptocurrency after reaching a private settlement with the hacker behind a recent exploit.
Key Takeaways
- 1CrediX recovered $4.5 million in stolen crypto through a private deal with the attacker.
- 2The hacker used a Tornado Cash-funded wallet to carry out the breach.
- 3Users will be refunded via airdrop within 48 hours, according to the protocol.
- 4This case reflects a growing trend in 2025 where hackers return funds in exchange for payouts.
What Happened?
CrediX, a money market abstraction infrastructure protocol, suffered a cyberattack on July 28, 2025. The attacker siphoned over $4.5 million in digital assets and bridged them to the Ethereum network using funds linked to Tornado Cash. However, in a twist, the protocol managed to negotiate a direct settlement with the hacker to return the assets.
CrediX confirmed that the attacker agreed to give back the stolen funds in exchange for an undisclosed payment from the project’s treasury. Affected users will be refunded within 48 hours via airdrop, according to CrediX’s public statement.
CrediX’s Quick Response and Private Deal
Blockchain security firm Cyvers flagged the exploit as involving more than $4.5 million. Rather than chasing the attacker through legal channels or blockchain analytics, CrediX initiated a private negotiation.
🚨ALERT🚨Our system has detected multiple suspicious transactions on the #Sonic network involving @CrediX_fi.
,🚨 Cyvers Alerts 🚨 (@CyversAlerts) August 4, 2025
An address funded by @TornadoCash on the #ETH network bridged funds to the #Sonic network and borrowed approximately 2.64M from @CrediX_fi.
Most of these funds have… pic.twitter.com/vK2y21Vhu9
The result was an unexpected success. The attacker accepted a deal to return the funds, which will be distributed back to impacted users shortly. CrediX publicly posted on X (formerly Twitter), stating, “Reached successful parley with the exploiter who agreed to return the funds within the next 24-48 hours in return for money fully paid by the CrediX treasury.”
We have good news for our users. Reached succesfull parley with the exploiter who agreed to return the the funds within the next 24-48 hours in return for money fully paid by the credix treasury. We have addresses of all the affected users and will airdrop them their share of…
,CrediX (@CrediX_fi) August 4, 2025
Though the exact terms remain undisclosed, the protocol’s swift and transparent communication has been seen as a rare win for crypto victims.
A Broader Shift in Hacker Behavior
This isn’t the only case in 2025 where attackers have agreed to give back stolen assets after striking deals with affected projects. On July 11, the team behind GMX recovered $40 million through a negotiated $5 million white hat bounty. Earlier in May 2024, an attacker returned $71 million stolen in a wallet poisoning scam after pressure from onchain investigators.
Such incidents suggest that some hackers are becoming more open to resolving attacks through settlements or bounties, especially as tracking tools and investigative capabilities improve across the crypto space.
Crypto Exploits Are Still a Growing Threat
While some outcomes have been positive, the broader state of crypto security remains fragile. Blockchain security firm CertiK reported that crypto hacks, scams, and exploits led to $2.47 billion in losses in just the first half of 2025. Though incidents dropped by 52% in Q2 compared to Q1, the threat remains high.
Worse still, according to security firm Immunefi, nearly 80% of cryptocurrencies never recover in price after a major exploit. This can deal a bigger blow to a project’s future than the stolen funds themselves.
Adding to the worry, even traditional financial systems are under attack. In a separate incident on July 5, hackers compromised Brazil’s financial infrastructure via C&M Software, leading to a $140 million theft after an insider sold access credentials.
CoinLaw’s Takeaway
Honestly, I find this CrediX story encouraging. It’s rare to see a crypto project turn a hack around this quickly and transparently. While paying off a hacker isn’t ideal, it’s sometimes the best way to get funds back to users fast. And in this case, CrediX seems to have done just that. These negotiated settlements won’t fix crypto’s security problem, but they might help soften the blow for affected users. I’m glad to see a project take responsibility and act decisively.
