CrediX Finance hacked for $4.5m via governance flaw

CrediX Finance went offline after hackers used a multisig admin exploit to drain $4.5 million from the protocol.

Security remains a key concern for DeFi projects, particularly those with centralized ownership and control. On Monday, August 4, less than a month after its launch, CrediX Finance went offline following a $4.5 million exploit.

According to blockchain security firm SlowMist, the attackers gained access to the protocol’s multisig admin and bridge wallets six days before the incident. With this access, they acted as a bridge and minted collateral tokens.

These tokens were then used to borrow large amounts of crypto, quickly draining CrediX Finance’s liquidity pool. Security firm CertiK confirmed the protocol lost approximately $4.5 million. The attackers bridged the stolen funds from Sonic (S) to Ethereum (ETH).

How the CrediX Finance hack happened

CrediX Finance launched in July 2025 as a real-world asset lending protocol. It allowed borrowers to receive loans backed by off-chain income and collateral provided by DeFi lenders.

This incident is one of several recent DeFi-related exploits. According to CertiK, $153 million was lost to various crypto exploits and scams in July alone. Of this, exchange-related incidents accounted for $86.6 million, while code vulnerabilities caused $55.4 million in losses.

Despite the “decentralized” label, many DeFi protocols retain elements of centralization. Multisig admin wallets often have the ability to pause contracts, change protocol parameters, or mint new tokens.

For some projects, this is important in the early stage, as the protocol is developing. However, this also enables attackers to exploit these protocols if they are able to gain access to admin accounts.