CrediX Recovers $4.5M Following Exploit Negotiation

Highlights:

• CrediX recovers $4.5M through a direct settlement with the attacker.
• The breach occurred through multi-signature admin access, not smart contract flaws.
• Stolen funds will be returned to users via an airdrop within 48 hours.

CrediX has recovered $4.5 million of stolen crypto through a direct negotiation with the attacker. The deal follows a huge breach on the Sonic blockchain-based lending platform just a day ago. The recovery resulted from a private settlement in which the attacker agreed to refund the stolen funds. CrediX, in turn, offered an unspecified sum from its treasury. Additionally, the stolen amount will be redistributed within 48 hours.

CrediX stated:

‘We’ve got some good news for our users. We were able to conclude an amicable dialogue with the attacker, who agreed to return the stolen funds within 24-48 hours.”

The protocol affirmed that it has been able to map the compromised addresses. In addition, users will get their portions precisely through an airdrop with no action required. Following the exploit, the company closed its deposit services to avoid increasing risk and promised users that they would restore their balances.

CrediX has also expressed an apology to the Sonic community, citing the inconvenience and worry that the exploit brought. CrediX was very responsive, with the recovery efforts being started several hours after its discovery of the breach, even though CrediX is a relatively new platform.

We have good news for our users. Reached succesfull parley with the exploiter who agreed to return the the funds within the next 24-48 hours in return for money fully paid by the credix treasury. We have addresses of all the affected users and will airdrop them their share of…

— CrediX (@CrediX_fi) August 4, 2025

Details Emerge on How the CrediX Exploit Unfolded

CrediX became the target of an attack on August 4, 2025, resulting in a loss of $4.5 million in cryptocurrency. This was not a hack through a bug in a smart contract like most DeFi hacks. Rather, the code allowed the attacker to get administrative privileges. Security company SlowMist said the attacker was given multi-signature access to the protocol’s wallet combination six days earlier. Through this access, they had several strong functions, such as being a bridge controller, risk admi,n or emergency admin.

🚨SlowMist TI Alert🚨

MistEye detected that @CrediX_fi has been exploited.

The CrediX Multisig Wallet, 6 days ago, added an attacker as both Admin and Bridge via ACLManager.https://t.co/E6tbBEI76M

This enabled the attacker, acting in the Bridge role, to directly mint… https://t.co/GiXswzNZqS pic.twitter.com/jJjYR1eyET

— SlowMist (@SlowMist_Team) August 4, 2025

This control allowed the exploiter to mint fake collateral tokens at CrediX’s lending pool. Moreover, the exploiter exchanged such fake assets for real cryptocurrencies. The stolen funds were quickly transferred out of the Sonic network onto Ethereum via wallets that were funded with Tornado Cash.

Later, PeckShield found the primary exploit vehicle to be a wallet with the name ending with “EC662e.” The hacker divided the money among three Ethereum wallets. There are no reports of an effort to withdraw via exchanges. CertiK also noted that the hacker employed deliberate and careful processes and did not exploit vulnerabilities in the system, but exploited the permission system. Consequently, this serves as an indicator of an increasing problem with cryptosecurity: permission-based attacks.

Crypto Hacks Continue as July Losses Cross $140 Million

The CrediX hack is only one of the events included in a series of crypto hacks in 2025. July alone saw 17 individual attacks that totalled to the loss of digital assets worth $142 million. The figure represented a 27% rise in June. The largest loss was incurred by CoinDCX, which had $44.2 million drained on July 18. An employee has since been arrested by police. The GMX followed with a loss of $42 million, but the hacker paid back 40.5 million afterwards. Other notable hacks were those of BigONE, which lost $27 million, and WOO X, in an attack worth $14 million that resulted from phishing. Future Protocol also lost $4.2 million in the same period.