$4.5M CrediX Hack Underscores DeFi’s Multisig Weakness

Published on: August 4, 2025
Kathleen Kinder

CrediX Finance lost $4.5 million in a devastating exploit just weeks after launch, highlighting urgent vulnerabilities in DeFi multisig wallet systems.

Key Takeaways

  • CrediX Finance was hacked for $4.5 million due to compromised admin and bridge access.
  • The attacker exploited governance flaws to mint fake collateral tokens and borrow funds.
  • Security firms link the breach to a broader trend of DeFi multisig wallet failures in 2025.
  • Experts are calling for AI-based real-time security monitoring to prevent future incidents.

What Happened?

CrediX Finance, a real-world asset lending protocol launched in July 2025, suffered a $4.5 million exploit on August 4. The attackers gained admin privileges days before the attack and minted fake collateral tokens, using them to drain the protocol’s liquidity pool. The hack has intensified scrutiny of multisig wallets, which have become a key vulnerability in DeFi security this year.

🚨SlowMist TI Alert🚨

MistEye detected that @CrediX_fi has been exploited.

The CrediX Multisig Wallet, 6 days ago, added an attacker as both Admin and Bridge via ACLManager. https://t.co/E6tbBEI76M

This enabled the attacker, acting in the Bridge role, to directly mint… https://t.co/GiXswzNZqS pic.twitter.com/jJjYR1eyET

- SlowMist (@SlowMist_Team) August 4, 2025

CrediX Finance Targeted Just Weeks After Launch

CrediX Finance had only been live for about a month before the exploit occurred. The platform allowed users to borrow crypto loans against off-chain income and collateral, aiming to bridge real-world assets with decentralized finance. Unfortunately, the early-stage protocol retained centralized control mechanisms, including multisig admin wallets with bridge rights.

According to blockchain security firm SlowMist, the attacker was assigned Admin and Bridge roles via the protocol’s ACLManager six days before the hack. With these roles, the hacker minted collateral tokens through the CrediX Pool, borrowed $2.64 million, and eventually drained a total of $4.5 million from the platform.

Attacker Bridged Funds to Ethereum

Blockchain security platforms including CertiK and Cyvers Alerts traced the exploit across networks. The attacker initially funded a wallet through Tornado Cash on Ethereum, then bridged those funds to Sonic, where the CrediX Pool was hosted.

#CertiKInsight 🚨@CrediX_fi was exploited for ~$4.5M. All the funds were bridged from Sonic to Ethereum network.

Currently, the stolen funds are still in the attacker’s wallets. https://t.co/3s2sgA2QOe https://t.co/yqDM4TETDU https://t.co/mN3kchx933

- CertiK Alert (@CertiKAlert) August 4, 2025

Once the pool was compromised, the hacker transferred the stolen assets back to Ethereum, effectively laundering the funds across chains. CertiK confirmed the timeline and amount lost, while CrediX promptly took its website offline to prevent further damage.

Multisig Wallets: The Achilles’ Heel of DeFi?

The CrediX incident is not isolated. According to Hacken, a security firm tracking crypto thefts, $3.1 billion has already been lost in DeFi exploits in 2025, with the majority tied to multisig wallet failures. These wallets, intended to add layers of transaction approval, have instead become a major security weak point.

Common attack vectors include:

  • Social engineering of multisig signers
  • Fake interfaces to trick users into approvals
  • Misconfigured access rights and admin privileges

The largest breach so far this year remains the $14.5 billion LuBian Mining Pool Scam, which was unearthed after five years.

Security Firms Call for AI Monitoring

In response to this growing threat, Hacken recommends abandoning one-time security audits in favor of real-time, AI-driven security monitoring. These tools can track multisig activity and alert teams to suspicious behavior immediately.

According to Hacken’s data:

  • Over 80% of DeFi losses in 2025 stemmed from access control failures
  • Improved signer education and interface security are essential
  • Automated rule-based protections should be standard practice
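
A rule-based check of the kind described above, written as an added example (not code from CrediX, SlowMist or Hacken): it scans decoded role-grant and mint records and alerts when an Admin or Bridge role goes to an address outside an approved list. The event field names, the placeholder addresses and the allowlist are assumptions constructed for illustration.

```python
from datetime import datetime

# Roles the article names as abused; treated here as the privileged set.
PRIVILEGED_ROLES = {"ADMIN", "BRIDGE"}

# Hypothetical allowlist of addresses approved to hold privileged roles.
APPROVED_HOLDERS = {"0xMULTISIG", "0xBRIDGE_ADAPTER"}

# Constructed sample events (placeholder addresses, not on-chain data).
SAMPLE_EVENTS = [
    {"type": "role_granted", "role": "ADMIN", "account": "0xNEW",
     "sender": "0xMULTISIG", "ts": "2025-07-29T10:00:00Z"},
    {"type": "role_granted", "role": "BRIDGE", "account": "0xNEW",
     "sender": "0xMULTISIG", "ts": "2025-07-29T10:05:00Z"},
    {"type": "role_granted", "role": "BRIDGE", "account": "0xBRIDGE_ADAPTER",
     "sender": "0xMULTISIG", "ts": "2025-07-30T09:00:00Z"},
    {"type": "mint", "caller": "0xNEW", "ts": "2025-08-04T12:00:00Z"},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp such as 2025-07-29T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def analyze(events, approved=APPROVED_HOLDERS):
    """Return alerts as (rule, account, detail) tuples, in time order."""
    alerts = []
    held = {}  # account -> {role: time the role was granted}
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        ts = parse_ts(ev["ts"])
        if ev["type"] == "role_granted" and ev["role"] in PRIVILEGED_ROLES:
            acct = ev["account"]
            roles = held.setdefault(acct, {})
            roles[ev["role"]] = ts
            if acct not in approved:
                # Fires at grant time, before any funds can move.
                alerts.append(("UNAPPROVED_PRIVILEGED_GRANT", acct, ev["role"]))
                if PRIVILEGED_ROLES <= roles.keys():
                    alerts.append(
                        ("ADMIN_AND_BRIDGE_SAME_ACCOUNT", acct, "ADMIN+BRIDGE"))
        elif ev["type"] == "role_revoked":
            held.get(ev["account"], {}).pop(ev["role"], None)
        elif ev["type"] == "mint":
            acct = ev["caller"]
            granted = held.get(acct, {}).get("BRIDGE")
            if granted is not None and acct not in approved:
                # Dwell time between the grant and the first privileged mint.
                days = (ts - granted).days
                alerts.append(
                    ("MINT_BY_UNAPPROVED_BRIDGE", acct, f"{days}d after grant"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

On the constructed timeline the first alert fires at the role grant, six days before the mint, which is the window a monitoring team would have to revoke the role or pause the pool.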

So far, CrediX has said it plans to recover the stolen funds within 24 to 48 hours, though no further updates have been made public.

All users' funds will be recovered in full within 24-48 hours

- CrediX (@CrediX_fi) August 4, 2025

CoinLaw’s Takeaway

To be honest, this attack on CrediX feels like yet another red flag for DeFi. How many times do we have to watch millions vanish before platforms take admin and access control seriously? If you’re running a DeFi protocol and still relying on loosely managed multisig setups, you’re not innovating. You’re inviting disaster. It is no longer enough to say you’re “decentralized” if a single bad configuration can wipe out millions. I strongly believe the future of DeFi security lies in real-time, AI-powered monitoring, not delayed audits or patched fixes. Let’s hope the industry starts listening.
