- CrediX compromised by admin role misuse, affecting liquidity pools.
- Losses estimated between $2.64M and $4.5M.
- Criticism over governance and fund recovery commitments.
CrediX, a DeFi project on the Sonic network, was exploited in August 2025, resulting in estimated losses between $2.64 million and $4.5 million.
The incident highlights vulnerabilities in DeFi governance structures, affecting user confidence and market stability, leading to a temporary shutdown and substantial decline in total value locked.
CrediX, a decentralized finance protocol, experienced an exploit in August 2025 due to an attacker being added as a multisig admin and bridge controller. The incident resulted in losses of approximately $2.64 million to $4.5 million.
The attacker utilized the granted roles to mint unbacked tokens and drain liquidity. The key roles involved were POOL_ADMIN, BRIDGE, and other high-level permissions managed by the ACLManager, compromising CrediX’s protocol management.
The attacker received admin and bridge privileges via the ACLManager six days prior, paving the way for manipulation and pool draining using freshly minted collateral tokens.” – SlowMist, Security Firm
Funds were converted into USDC and transferred across networks, with attempts for laundering through Tornado Cash. CrediX’s TVL fell to near zero as confidence dipped, leading to an interface shutdown and a halt on new deposits.
Financial implications include synthetic collateral misuse and liquidity depletion. The attacked assets were primarily USDC on the Sonic network, with no direct impact on ETH or BTC. The incident reiterates persistent DeFi governance issues.
Community reactions skew towards criticism of “poor access controls” and lack of effective multisig governance. Communication attempted to reassure users of fund recovery but lacked specific funding source details.
The incident highlights the systemic risk in DeFi when governance is compromised. Past trends of admin role exploits show varied recovery success, typically relying on protocol reserves or external negotiations for fund restitution.
