CrediX Finance lost $4.5 million in a devastating exploit just weeks after launch, highlighting urgent vulnerabilities in DeFi multisig wallet systems.
Key Takeaways
- CrediX Finance was hacked for $4.5 million due to compromised admin and bridge access.
- The attacker exploited governance flaws to mint fake collateral tokens and borrow funds.
- Security firms link the breach to a broader trend of DeFi multisig wallet failures in 2025.
- Experts are calling for AI-based real-time security monitoring to prevent future incidents.
What Happened?
CrediX Finance, a real-world asset lending protocol launched in July 2025, suffered a $4.5 million exploit on August 4. The attacker gained admin privileges days before the attack and minted fake collateral tokens, using them to drain the protocol’s liquidity pool. The hack has intensified scrutiny on the use of multisig wallets, which have become a key vulnerability in DeFi security this year.
🚨SlowMist TI Alert🚨
MistEye detected that @CrediX_fi has been exploited.
The CrediX Multisig Wallet, 6 days ago, added an attacker as both Admin and Bridge via ACLManager. https://t.co/E6tbBEI76M
This enabled the attacker, acting in the Bridge role, to directly mint… https://t.co/GiXswzNZqS pic.twitter.com/jJjYR1eyET
SlowMist (@SlowMist_Team), August 4, 2025
CrediX Finance Targeted Just Weeks After Launch
CrediX Finance had only been live for about a month before the exploit occurred. The platform allowed users to borrow crypto loans against off-chain income and collateral, aiming to bridge real-world assets with decentralized finance. Unfortunately, the early-stage protocol retained centralized control mechanisms, including multisig admin wallets with bridge rights.
According to blockchain security firm SlowMist, the attacker was assigned Admin and Bridge roles via the protocol’s ACLManager six days before the hack. With these roles, the hacker minted collateral tokens through the CrediX Pool, borrowed $2.64 million, and eventually drained a total of $4.5 million from the platform.
Attacker Bridged Funds to Ethereum
Blockchain security platforms including CertiK and Cyvers Alerts traced the exploit across networks. The attacker initially funded a wallet through Tornado Cash on Ethereum, then bridged those funds to Sonic, where the CrediX Pool was hosted.
#CertiKInsight 🚨 @CrediX_fi was exploited for ~$4.5M. All the funds were bridged from Sonic to Ethereum network.
Currently, the stolen funds are still in the attacker’s wallets. https://t.co/3s2sgA2QOe https://t.co/yqDM4TETDU https://t.co/mN3kchx933
CertiK Alert (@CertiKAlert), August 4, 2025
Once the pool was compromised, the hacker transferred the stolen assets back to Ethereum, effectively laundering the funds across chains. CertiK confirmed the timeline and amount lost, while CrediX promptly took its website offline to prevent further damage.
Multisig Wallets: The Achilles’ Heel of DeFi?
The CrediX incident is not isolated. According to Hacken, a security firm tracking crypto thefts, $3.1 billion has already been lost in DeFi exploits in 2025, with the majority tied to multisig wallet failures. These wallets, intended to add layers of transaction approval, have instead become a major security weak point.
Common attack vectors include:
- Social engineering of multisig signers
- Fake interfaces to trick users into approvals
- Misconfigured access rights and admin privileges
The largest breach so far this year remains the $14.5 billion LuBian Mining Pool Scam, which was unearthed after five years.
Security Firms Call for AI Monitoring
In response to this growing threat, Hacken recommends abandoning one-time security audits in favor of real-time, AI-driven security monitoring. These tools can track multisig activity and alert teams to suspicious behavior immediately.
According to Hacken’s data:
- Over 80% of DeFi losses in 2025 stemmed from access control failures
- Improved signer education and interface security are essential
- Automated rule-based protections should be standard practice
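A rule of this kind applied to the role grant SlowMist describes, as an added example that is not code from Hacken, SlowMist or CrediX: it reviews decoded role-grant events and flags privileged roles given to addresses outside an approved list, plus any single address that ends up holding both Admin and Bridge. The event shape, role labels, addresses and timestamps are constructed assumptions.

```python
from dataclasses import dataclass

# Role labels follow the article's wording; on-chain roles are bytes32 ids (assumption).
PRIVILEGED = frozenset({"ADMIN", "BRIDGE"})

@dataclass(frozen=True)
class RoleGranted:          # decoded access-control event (hypothetical shape)
    timestamp: int          # block time, unix seconds
    role: str
    account: str            # address receiving the role
    sender: str             # address that issued the grant

def review_grants(events, approved_holders):
    """Return (rule, event) alerts for privileged grants needing human review."""
    approved = {a.lower() for a in approved_holders}
    held, alerts = {}, []
    for ev in sorted(events, key=lambda e: e.timestamp):
        if ev.role not in PRIVILEGED:
            continue
        account = ev.account.lower()
        roles = held.setdefault(account, set())
        roles.add(ev.role)
        # The granter may be the legitimate multisig, so judge the grantee instead.
        if account not in approved:
            alerts.append(("unapproved_grantee", ev))
        # One address holding every privileged role can both configure and mint.
        if roles == PRIVILEGED:
            alerts.append(("role_accumulation", ev))
    return alerts

def lead_time_days(alerts, incident_ts):
    """Days between the earliest alert and a later incident timestamp."""
    first = min(ev.timestamp for _, ev in alerts)
    return (incident_ts - first) / 86400

# Constructed sample data: placeholder addresses, timestamps spaced six days apart.
MULTISIG = "0x" + "11" * 20
OPS_KEY = "0x" + "22" * 20
UNKNOWN = "0x" + "ee" * 20
T0 = 1_753_660_800
SAMPLE = [
    RoleGranted(T0 - 86400, "ADMIN", OPS_KEY, MULTISIG),
    RoleGranted(T0, "ADMIN", UNKNOWN, MULTISIG),
    RoleGranted(T0 + 12, "BRIDGE", UNKNOWN, MULTISIG),
    RoleGranted(T0 + 30, "RISK_VIEWER", UNKNOWN, MULTISIG),
]

if __name__ == "__main__":
    found = review_grants(SAMPLE, approved_holders=[MULTISIG, OPS_KEY])
    for rule, ev in found:
        print(rule, ev.role, ev.account)
    print("lead time (days):", lead_time_days(found, T0 + 6 * 86400))
```

Because the grants in the sample come from the multisig itself, a check on the sender alone would stay silent; the alerts come from who received the roles.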
So far, CrediX has said it plans to recover the stolen funds within 24 to 48 hours, though no further updates have been made public.
All users funds will be recovered in full within 24-48 hours
CrediX (@CrediX_fi), August 4, 2025
CoinLaw’s Takeaway
To be honest, this attack on CrediX feels like yet another red flag for DeFi. How many times do we have to watch millions vanish before platforms take admin and access control seriously? If you’re running a DeFi protocol and still relying on loosely managed multisig setups, you’re not innovating. You’re inviting disaster. It is no longer enough to say you’re “decentralized” if a single bad configuration can wipe out millions. I strongly believe the future of DeFi security lies in real-time, AI-powered monitoring, not delayed audits or patched fixes. Let’s hope the industry starts listening.
