
CrediX DeFi Platform Hit by $4.5M Exploit, Admin Access Abused

Key Highlights

  • CrediX, a major DeFi player, faces a critical security incident.
  • Exploit involved bridges, oracles, and admin access.
  • Deposits paused as the platform works on containment.

CrediX, a DeFi platform built on Solana and known for tokenizing real-world credit assets, reported a security breach on August 4, 2025. An attacker gained multisig admin and bridge controller access on CrediX just six days before the exploit. Using these permissions, they minted fake collateral, borrowed large sums, and drained the platform’s liquidity pool worth $4.5 million as per PeckShield.

PeckShield highlights the CrediX Exploit

CrediX Pulls the Plug

CrediX has pulled the brakes: it has disabled its website to stop any further deposits and is working to contain the fallout. The move comes as a major blow to a platform that had scored a $60 million credit line earlier in 2023, signalling strong institutional faith in its bold vision for decentralized credit. Now, that momentum faces a serious stress test.

CrediX has disabled further deposits

Tornado Cash and Sonic Network Used to Obscure Funds

The attacker first used Tornado Cash to hide the source of their own crypto funds. This made it difficult to trace them. The attacker then moved (or bridged) the hidden crypto funds to the Sonic Network, a blockchain that connects with CrediX. This step let them connect directly with the CrediX protocol.

Once on Sonic, the attacker took advantage of bugs in CrediX’s smart contracts and oracle systems. These systems handle things like checking if loans are valid and setting price data. By tricking them, the attacker borrowed about $4.5 million, way more than they were allowed based on their collateral. 

Bridging TradFi with DeFi

The project was launched in 2021 with a vision to transform the $800 billion private credit market by creating a decentralized credit platform on Solana. The platform connects institutional borrowers, mainly fintech lenders in emerging markets, with global investors who are hungry for yield. Borrowers tap into liquidity by creating collateralized credit deals, while investors get access to vetted, high-quality opportunities offering stable USDC yields of 14-15%. It is private credit reimagined for the on-chain era.

The project stands out because it turns real-world assets like receivables into digital tokens using blockchain. This makes it easier to trade, increases liquidity, and uses smart contracts to cut out intermediaries or middlemen. Overall, the project is also responsible for bridging traditional finance with DeFi.

If we put the strengths aside, the recent exploit highlights risks in DeFi protocols, especially when complex permissions and cross-chain setups are in play. The attacker used their admin powers to mint fake collateral, borrow big, and drain the pool dry. It is a wake-up call for the entire space: if your multisig and bridge security are not strong, you are leaving the vault door open for the bad actors to enter.

Audits, Timelocks, Bug Bounties – Still Not Enough?

The platform has emphasized that it conducts regular internal and external security audits, carried out through reputed firms that test its smart contracts and platform code. The platform is also known for using timelocks for admin changes and for running bug bounty programs to catch issues early. Still, this hack shows that even trusted, audited projects can be hit by insider threats or misuse of permissions.
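A monitoring rule for the pattern this article describes (a newly granted admin or bridge role used to mint collateral that is then borrowed against), written as an added example that is not CrediX's or PeckShield's code. The event schema, role names, 14-day watch window, and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

PRIVILEGED_ROLES = {"ADMIN", "BRIDGE"}  # hypothetical role names
WATCH_WINDOW = timedelta(days=14)       # assumed review period for new grants

# Constructed sample events in a hypothetical schema (not real on-chain data).
EVENTS = [
    {"ts": "2025-01-01T10:00:00", "type": "role_granted", "account": "ops-multisig",
     "role": "ADMIN", "via_timelock": True},
    {"ts": "2025-03-01T08:00:00", "type": "role_granted", "account": "acct-new",
     "role": "BRIDGE", "via_timelock": False},
    {"ts": "2025-03-07T02:00:00", "type": "mint", "account": "acct-new"},
    {"ts": "2025-03-07T02:05:00", "type": "borrow", "account": "acct-new"},
    {"ts": "2025-03-07T03:00:00", "type": "mint", "account": "ops-multisig"},
]

def find_alerts(events, window=WATCH_WINDOW):
    """Return (rule, account, timestamp) tuples in chronological order."""
    granted_at = {}   # account -> time of its latest privileged grant
    minters = set()   # accounts that minted collateral themselves
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts, acct = datetime.fromisoformat(ev["ts"]), ev["account"]
        if ev["type"] == "role_granted" and ev["role"] in PRIVILEGED_ROLES:
            granted_at[acct] = ts
            # A privileged grant that skipped the timelock is suspicious by itself.
            if not ev.get("via_timelock", False):
                alerts.append(("GRANT_WITHOUT_TIMELOCK", acct, ev["ts"]))
        elif ev["type"] == "mint":
            minters.add(acct)
            grant = granted_at.get(acct)
            # Minting soon after receiving a privileged role warrants review.
            if grant is not None and ts - grant <= window:
                alerts.append(("MINT_BY_RECENT_GRANTEE", acct, ev["ts"]))
        elif ev["type"] == "borrow" and acct in minters:
            # Borrowing against collateral the same account minted.
            alerts.append(("BORROW_AGAINST_SELF_MINTED", acct, ev["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(alert)
```

The long-standing `ops-multisig` account mints without raising an alert because its grant went through the timelock and is older than the watch window.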

At present, the platform’s main focus remains on protecting the remaining funds and communicating transparently with its community members. The platform has, as noted above, disabled deposits, which is a temporary but critical step in such situations. Meanwhile, CrediX is carrying out an investigation and working on remediation efforts.


Harsh Chauhan: Harsh Chauhan is an experienced crypto journalist and editor at CryptoNewsZ. He was formerly an editor at various industries, including his tenure at TheCryptoTimes, and has written extensively about Crypto, Blockchain, Web3, NFT, and AI. Harsh holds a Bachelor of Business Administration degree with a focus on Marketing and a certification from the Blockchain Foundation Program. Through his writings, he holds the pulse of the rapidly evolving crypto landscape, delivering timely updates and thought-provoking analysis. His commitment to providing value to readers is evident in every piece of content produced. With a deep understanding of market trends and emerging technologies, he strives to bridge the gap between complex blockchain concepts and mainstream audiences.