Credix, Defi protocol, records losses for USD $ 4.5 million after hacking

An attacker used administrative permits to coin fake tokens, extract liquidity and transfer funds to Ethereum. Credix promises to recover all the money in 48 hours.

***

• Credix It was violated after the theft of credentials of a wallet with key permits in the network Solarium.
  
• The attacker used the role “BRIDGE” to coin fake tokens and move funds to Ethereum.
  
• The company ensures that users will recover their funds within 24 to 48 hours.

The decentralized credit protocol Credix recorded today an exploit, which resulted in the loss of approximately USD $ 4.5 million, according to reports of specialized signatures in security Blockchain.

The attack, as confirmed by the firm Peckshield, It originated from a wallet direction with high privileges within the network of Solarium: “0xf321 … 662e”. Using the permissions associated with the role called “BRIDGE”, The attacker managed to coin fake tokens of Accused (A synthetic version of USDC on the network Sonic), Use them as a collateral to request loans and finally move the funds to the network Ethereum.

The web3 Certik Cybersecurity company corroborated the incident and published three Ethereum addresses that still contain part of the stolen funds. So far, none of these directions has interacting with exchanges, which indicates that the funds have not been bleached or resembled.

Credix Respond with containment measures

After detecting the gap, Credix He published several communications in the social network X. First, he reported on the security gap and deactivated its website temporarily to prevent users from depositing more funds. Then, he recommended users directly with smart contracts to withdraw their assets.

In a third publication, the team assured that “All user funds will be fully recovered within 24 to 48 hours”. However, it was not specified whether the reimbursement will come from internal reserves, external investments or some type of negotiation with the attacker.

This lack of details has generated uncertainty among the users of the protocol, although so far the promise of total reimbursement has helped contain a possible crisis of trust.

A challenging year for security DEFI

The case of Credix adds to a worrying trend of security incidents in the ecosystem DEFI during 2025. According to recently published data, In the first half of the year, losses have been recorded for a total of USD $ 2.1 billion due to cryptocurrency -related hackeos.

Of that total, approximately 12% – quoted to USD $ 252 million – corresponds to protocols attacks DEFI. These exploits usually derive from vulnerabilities in intelligent, credentials committed or poorly configured permits.

This pattern has led to multiple analysts to warn about the need to implement best key management practices, continuous code audits and stricter supervision in terms of administrative roles within the decentralized protocols.

As to Credix, It is an on-chain credit protocol that connects investors with non-banking holders and non-banking lenders, particularly in emerging markets. Its business model focuses on offering tokenized financing for debt, allowing investors to access opportunities that have traditionally been outside the traditional financial system.

Based in Belgium, the company has raised a total of USD $ 73.7 million through four rounds of financing. His proposal has gained traction as an innovative way to channel investment towards sectors without access to traditional banking, using infrastructure Blockchain as a base.

The nature of the attack does not point to a vulnerability of the intelligent contract itself, but to a gap in the access control of administrative wallets. This type of incidents highlights the thin line between operational decentralization and the need for robust controls on critical access points.

Perspectives after the incident

It still remains to see if Credix You can fulfill your promise of total refund in the next 48 hours. The team’s ability to recover funds and restore confidence will be crucial not only for their survival, but also as a message to the rest of the ecosystem DEFI.

Users and investors will be attentive to the next movements of the company, while security signatures continue to monitor the addresses containing stolen funds.

This event turns on the alarms on governance and operational safety in decentralized protocols, remembering that technology alone does not guarantee invulnerability.

Written article with the help of an AI content editor, edited by Angel Di Matteo / Diariobitcoin

Original image of Diariobitcoin, created with artificial intelligence, for free use, licensed under public domain.

WARNING: Diariobitcoin offers informative and educational content on various topics, including cryptocurrencies, AI, technology and regulations. We do not provide financial advice. Cryptactive investments are high risk and may not be adequate for all. Investigate, consult an expert and verify the applicable legislation before investing. I could lose all its capital.

Subscribe to our newsletter