Key Takeaways
CrediX suffered an exploit after an attacker gained multisig admin and bridge controller roles, draining the protocol’s pool.
The incident forced CrediX to disable its website.
CrediX, a Solana-based decentralized finance (DeFi) platform that tokenizes private credit, was exploited on Monday, according to a statement released the same day.
Credix seems to have had a security breach. We are investigating and will share details soon
— CrediX (@CrediX_fi) August 4, 2025
Blockchain security firm SlowMist, which first flagged the incident, reported that CrediX was exploited after a malicious actor was added as both an Admin and a Bridge via the ACLManager six days before the attack.
🚨SlowMist TI Alert🚨
MistEye detected that @CrediX_fi has been exploited.
The CrediX Multisig Wallet, 6 days ago, added an attacker as both Admin and Bridge via ACLManager.https://t.co/E6tbBEI76M
This enabled the attacker, acting in the Bridge role, to directly mint… https://t.co/GiXswzNZqS pic.twitter.com/jJjYR1eyET
— SlowMist (@SlowMist_Team) August 4, 2025
The permissions change enabled the attacker to assume the Bridge role and mint collateral tokens directly from the lending pool. Using these illegitimately minted tokens, the attacker borrowed a large amount of assets, effectively draining the protocol’s liquidity.
CrediX announced that an investigation is ongoing and, as a precautionary measure, its website has been temporarily disabled to prevent any new user deposits.
The team assured users that all funds are safe and can still be accessed directly through smart contracts.
According to the statement, full recovery of user funds is expected within 24 to 48 hours.
All users funds will be recovered in full within 24-48 hours
— CrediX (@CrediX_fi) August 4, 2025
CrediX previously secured $60 million in credit financing to support small and medium-sized enterprises (SMEs) in Latin America through priority debt financing, collaborating with a US alternative investment management firm with a $3 billion portfolio.
