CrediX Exploited via Admin Access in DeFi Attack

CrediX exploited after attacker gained multisig admin access, drained funds by minting collateral and borrowing heavily.

Ava NakamuraAugust 4, 2025 - 7:00 PM

DeFi platform CrediX exploited via admin access attack

DeFi News

Attacker added as multisig admin and bridge controller
Permissions used to mint collateral and drain funds
CrediX website disabled to block new deposits

DeFi lending protocol CrediX has fallen victim to a serious exploit, reportedly caused by an attacker being added as a multisig admin and bridge controller just six days before the breach. Security firm SlowMist flagged the incident, confirming that the attacker abused this elevated access to mint collateral and borrow large sums, eventually draining the protocol’s liquidity pool.

The breach raises serious concerns about governance and access controls in decentralized finance (DeFi) systems, especially those that manage high-value assets.

How the Attack Happened

According to SlowMist, the attacker was granted privileged permissions that allowed them to manipulate the protocol’s internal mechanics. Once in control, the attacker:

Minted fake or unauthorized collateral
Used the collateral to borrow heavily from the protocol
Fully drained the lending pool, leaving it illiquid

The identity of those who approved the malicious admin addition remains unclear, and it’s uncertain whether it was due to a governance loophole, social engineering, or an internal compromise.

SlowMist reported that DeFi project CrediX was exploited after an attacker was added as a multisig admin and bridge controller six days ago. The attacker used the permissions to mint collateral and borrow large amounts, draining the pool. CrediX has disabled its website to…
— Wu Blockchain (@WuBlockchain) August 4, 2025

CrediX Takes Action – But Is It Too Late?

In response to the attack, CrediX has taken its website offline to prevent users from making any new deposits. This emergency move is aimed at containing the damage, although the funds already stolen appear to be unrecoverable at this time.

CrediX had gained attention in 2023 after securing a $60 million credit line, a move that was seen as a significant step forward in its mission to connect real-world credit markets with DeFi. This exploit, however, may severely damage its reputation and investor confidence.

The incident serves as another reminder of the critical importance of secure governance structures, especially in protocols that hold or manage substantial capital. As the DeFi space continues to grow, so too do the risks that come with poor access control and a lack of robust security audits.

Read also:

Disclaimer: The content on CoinoMedia is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency investments carry risks, and readers should conduct their own research before making any decisions. CoinoMedia is not responsible for any losses or actions taken based on the information provided.