Table of Contents
Hackers do not break in credix through code falls or smart contract bugs. Institute, he gained control by gaining administrative access to the multi-cignura wallet system of the protocol. This type of attack has been the biggest threat to crypto projects in 2025.
How did the attack happen
The security firm Slowmist reports that the attackers planned their move carefully. Six days before the theft, someone added the attacker to the multi-signature wallet as both the administrator and the bridge controller, which is through the protocol of the Proteasement Controvers.
With these special privileges, the hackers couch the fake fake collateral tokens directly through the lending pool of the credix. He used these useless tokens to borrow real cryptocurrency borrowing from the protocol, essentially dried to the available funds.
Source: @credix_fi
The blockchain security company Peckshield identified the compromised wallet in “EC662E”, which carried out exploitation. The wallet had many high-level RLEs including pool administrators, bridge controllers, asset listing administrators, emergency administrators and risk administrators.
The stolen money was quickly a film from Sonic Network to Etherium, where it sits in three separate wallets. Security firm Cartink confirmed that the attackers had not yet tried to cash through the exchange.
Credit background and response
Credix launched an actual-watters as an asset lending protocol last month. The Belgian -based company has raised $ 73.7 million in funding and has focused on connecting investors with SMAL lenders to emerging markets.
Protocol marketed itself as an aggregator that users agree with many DEFI platforms such as compound and AAV at the same location. Credix claimed that users can earn more than 10,000% annual individual rates by lending through their platforms.
After discovering the violation, Credix closed its website to prevent new deposits. The company posted on social media, which was invested and promised to recover all the stolen funds with 24 to 48 hours.
Possible recovery agreement reached
In a positive devil, Credix announced that they reached an agreement with the attacker to return the stolen money. The exploiter agreed to give back the company, stating that they had identified all the affected users and the property would be distributed through the Anidrop System. Credix apologized to both the Sonic community and their users for the incident.
Source: Credix_fi
Part of a big problem
Certix hack fits into a disturbed pattern for crypto security in 2025.
Most of these attackers targeted multi-cignura wallets through social engineering, fake interfaces, or poor management of signing permissions. The largest single buybit exchange was $ 1.46 billion, where the attackers cheated the authorized signators with a fake interface.
In 2025, all consume access control failures for 80% of crypto losses.
Why multi-compress wallets are getting hacked
Multi-signature wallets require many people to approve transactions, which should make them more secure than regular wallets. But many projects do not set them properly or individual signators are not given much pump power.
In the case of incredix, adding a single new signal with administrator and bridge rules made a single point of failure. The attacker only needed to comment on a set of credentials to gain complete control over the funds of the protocol.
Security experts say that many DEFI provisions compress compressed security as someone has to improve over time, compared to a requirement before handling millions in user money. This approach leaves users weak who focus on the protocol attracting and launching investment quickly.
Hacen now recommends that Crypto projects go away from one -time security audit. Institute, they should use real-time monitoring systems by artificial intentaligance to watch multi-cignura wallet activity and clearly look at the flag doubt behavior.
What does it mean to go ahead
The Credix attack shows that the weakest link in governance and access control DEFI security remains. Since more projects run to launch and draw funding, proper safety practices are often pushed aside.
Many DEFI protocols control the administrator controlling their early stages, which openly produce for the attackers that can give these powerful accounts. Projects require better inspection that achieve administrative access and strong community approval procedures for significant changes.
The Crypto industry has sex before this cycle – as long as the projects priorities
