CrediX DeFi Platform Loses $4.5 Million in Admin Access Exploit

CrediX Finance, a decentralized lending protocol on the Sonic blockchain, was exploited on August 4, 2025, resulting in a loss of approximately $4.5 million due to a critical governance vulnerability. The attacker was added as a multisig admin and bridge controller six days prior to the breach, gaining elevated permissions that allowed minting unbacked stablecoins and borrowing against them, effectively draining the protocol's liquidity pool. The stolen funds were bridged from Sonic to Ethereum and dispersed across multiple wallets, where they remain under the attacker's control. In response, CrediX disabled its website and halted on-chain operations, promising full recovery of user funds within 24 to 48 hours, although detailed recovery plans have not been disclosed. This incident highlights ongoing security concerns within DeFi projects, especially those with centralized control elements like multisig admin wallets, which can be vulnerable if compromised. Despite securing substantial credit lines previously, CrediX's exploit underscores the risks associated with emerging DeFi protocols and the need for robust governance and security measures.