Hacken urges real-time AI monitoring for DeFi wallet security.
The decentralised finance sector has once again been shaken by a major exploit — this time targeting CrediX.
The project reportedly lost $4.5 million following an attack enabled by a private key compromise and governance access flaws.
The attacker bridged funds across networks, exploited administrative access, and drained the CrediX Pool using minted collateral tokens.
The incident has added to mounting concerns over the security of multisig wallets, which have accounted for most of the $3.1 billion in crypto losses so far in 2025.
CrediX has since taken its website offline to prevent further deposits.
Blockchain security firm CertiK confirmed that the stolen funds were transferred from the Sonic network to Ethereum.
Web3 security platform Cyvers Alerts flagged multiple suspicious transactions on Sonic, tracing one address funded via Tornado Cash on Ethereum.
This address bridged funds to Sonic and borrowed approximately $2.64 million from CrediX.
These funds were likely extracted using collateral tokens that the attacker minted after gaining backdoor access.
According to SlowMist, an on-chain security provider, the attacker was granted Admin and Bridge roles within the CrediX Multisig Wallet six days prior to the exploit.
These roles were assigned using the protocol’s ACLManager.
With Bridge-level access, the attacker was able to mint collateral tokens through the CrediX Pool, which were then used to borrow assets and ultimately drain the protocol.
This type of exploit underlines a critical risk in decentralised governance models, particularly around role-based access control.
Inadequate oversight in assigning privileges, especially in multisig environments, leaves DeFi protocols highly exposed to internal or external compromise.
The CrediX incident is part of a broader trend this year.
A report by security firm Hacken states that $3.1 billion in crypto was lost in the first half of 2025, with the majority of cases involving multisig wallets.
These wallets were often breached through social engineering tactics, fake interfaces, or misconfigured signer setups.
The largest known attack this year remains the $1.46 billion Bybit exploit, where attackers deceived multisig signers using a spoofed interface.
In response to the growing frequency of such incidents, Hacken has recommended moving away from traditional one-time security audits.
Instead, the firm advocates for real-time, AI-based security systems that monitor multisig activity and flag abnormal behaviour instantly.
According to Hacken, more than 80% of crypto losses this year stemmed from access control failures.
The firm urges platforms to implement stricter signer training, enforce tighter rule-based automation, and treat interfaces and signers as integral to system security.
Meanwhile, CrediX has said it aims to recover the stolen funds within 24-48 hours, though no further details have been provided at this time.
