The DeFi project CrediX was attacked, causing a loss of approximately 4.5 million USD due to vulnerabilities in access control and multisig wallet management.

The cross-network exploitation incident led to unauthorized access, allowing the attacker to steal assets from the CrediX treasury on Sonic Network and transfer them to Ethereum. CrediX is committed to restoring the full amount within 24–48 hours.

MAIN CONTENT

  • CrediX was exploited through a multisig wallet access vulnerability, resulting in a loss of approximately 4.5 million USD.

  • The hacker exploited Admin and Bridge roles in the multisig to mint tokens and borrow assets beyond the limit.

  • The Hacken 2025 report emphasizes that most cryptocurrency losses stem from multisig access control errors, requiring real-time security and rigorous training.

How was CrediX exploited across networks?

The exploitation of CrediX originated from the access framework and asset movement between Sonic and Ethereum networks. The attacker used an address funded by Tornado Cash on Ethereum to transfer money via the bridge to Sonic, then borrowed an estimated 2.64 million USD from CrediX.

This action highlights the serious risk that arises when malicious actors exploit a vulnerability to illegally mint collateral tokens and withdraw all funds from the project's liquidity pool. The incident forced CrediX to temporarily suspend website operations to block new deposits.

How did the access vulnerability allow the hacker to withdraw funds from the CrediX treasury?

On-chain security expert SlowMist identified that the attacker had been added to CrediX's multisig wallet with Admin and Bridge rights before the incident, via ACLManager. With Bridge rights, the hacker could directly mint collateral tokens.

Using the newly minted tokens as collateral, the hacker borrowed a large amount of assets, depleting the treasury. This incident shows how improper management of permissions can lead to severe losses for DeFi projects.

Multisig governance requires caution and absolute security to protect user assets, as a small mistake can have significant consequences.
SlowMist, blockchain security expert, 2025

CrediX is committed to refunding the full amount within 24–48 hours, demonstrating responsibility to users during the crisis.

Why did the multisig wallet become a major attack target in 2025?

Hacken's mid-2025 report states that total cryptocurrency losses amount to 3.1 billion USD, largely due to multisig wallet errors. Attacks often occur through spoofed interfaces or ineffective signer management.

Notably, the Bybit attack resulted in a loss of 1.46 billion USD when signers were deceived through a spoofed UI. This highlights the security risks from managing access in DeFi and cryptocurrency projects.

What solutions does Hacken propose to enhance multisig security?

Hacken warns that over 80% of cryptocurrency losses in 2025 are due to unsafe access control. They advise projects not to rely solely on one-time audits but to implement real-time security systems, integrating AI to quickly detect abnormal behaviors.

Additionally, Hacken emphasizes that signer training and UI improvements are essential to prevent similar attacks in the future, contributing to the overall enhancement of the DeFi ecosystem.
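
As an added illustration of the real-time monitoring recommended above, applied to the Admin and Bridge role grants described in the SlowMist finding (example code, not from CrediX, SlowMist or Hacken): the Python below replays decoded role-change events and flags privileged grants that fall outside an approved list. The event schema, role labels, addresses, block numbers and allowlist are all constructed assumptions.

```python
from collections import defaultdict

# Role labels taken from the article's wording; the strings are assumptions.
PRIVILEGED_ROLES = ("ADMIN", "BRIDGE")

def audit_role_events(events, approved):
    """Replay role grant/revoke events in block order and return (alerts, holders).

    events:   decoded log entries as dicts (hypothetical schema, see SAMPLE_EVENTS)
    approved: role -> set of lowercase addresses cleared through change control
    """
    holders = defaultdict(set)  # role -> accounts currently holding it
    alerts = []
    for ev in events:
        role, acct = ev["role"], ev["account"].lower()
        if ev["type"] == "revoked":
            holders[role].discard(acct)
            continue
        holders[role].add(acct)
        if role not in PRIVILEGED_ROLES:
            continue
        if acct not in approved.get(role, set()):
            alerts.append((ev["block"], "unapproved_grant", role, acct))
        # One account holding both roles is the combination the article describes.
        if all(acct in holders[r] for r in PRIVILEGED_ROLES):
            alerts.append((ev["block"], "admin_and_bridge", role, acct))
    return alerts, {r: sorted(h) for r, h in holders.items()}

# Constructed sample data: addresses, block numbers and allowlist are invented.
OPS = "0x" + "a1" * 20
NEW = "0x" + "b2" * 20
SAMPLE_EVENTS = [
    {"block": 100, "type": "granted", "role": "ADMIN", "account": OPS},
    {"block": 205, "type": "granted", "role": "ADMIN", "account": NEW},
    {"block": 206, "type": "granted", "role": "BRIDGE", "account": NEW},
    {"block": 300, "type": "revoked", "role": "BRIDGE", "account": NEW},
]
APPROVED = {"ADMIN": {OPS}, "BRIDGE": set()}

if __name__ == "__main__":
    found, current = audit_role_events(SAMPLE_EVENTS, APPROVED)
    for alert in found:
        print(alert)
    print(current)
```

Because the alert fires at the block where the grant lands, a responder can pause minting or borrowing before the new role holder uses it.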

Multisig security is not just a technical issue but also involves human governance and systems, requiring systematic and continuous investment.
Hacken, Cryptocurrency Security Report 2025

Frequently Asked Questions

How much cryptocurrency did CrediX lose in the attack?

CrediX lost approximately 4.5 million USD due to the attacker exploiting a multisig wallet access vulnerability.

How did the attacker withdraw all assets from CrediX?

The hacker was added as Admin and Bridge in the multisig wallet, allowing them to mint tokens and borrow assets exceeding the limit, depleting the funds.

What are CrediX's plans after this incident?

CrediX is committed to refunding the full amount within 24–48 hours and has temporarily closed the website to prevent new deposits.

Why is the multisig wallet more vulnerable to attacks in 2025?

Signer management errors and spoofed user interfaces exposed multisig wallet access, which led to most cryptocurrency losses.

What solutions are recommended for effective multisig security?

Real-time security systems, AI integration, signer training, and improved user interfaces are the key measures.

Source: https://tintucbitcoin.com/credix-lost-4-5-million-usd-ethereum/
