Credix DeFi Protocol Hit by $4.5M Hack via Admin Breach

TheCryptoTimes | Published 2025-08-03 | Last updated 2025-08-04

A major exploit has hit decentralized lending protocol Credix, with an attacker siphoning off around $4.5 million after quietly gaining admin-level access nearly a week before the actual strike.

The incident came to light after security firm SlowMist flagged unusual activity involving the Credix multisig wallet. On-chain records show that six days prior to the exploit, an attacker was added as both a multisig admin and bridge controller through the protocol’s ACLManager. These elevated roles gave them direct access to mint collateral tokens via the bridge and use them to borrow assets from the lending pool.

Once the fake collateral was in place, the attacker drained the pool by borrowing against it on-chain. Security analysts at Cyvers also picked up the breach, noting that the attacker’s wallet was initially funded via Tornado Cash, a privacy mixer often used in exploits to hide money trails. 
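Added example, not from the article or from Credix: a monitor that flags the pattern described above, namely a privileged role granted to an address outside an approved set, one address holding both the admin and bridge roles, and later minting or borrowing by that address. The event shape, role labels, addresses and timestamps are constructed assumptions; a real deployment would decode the ACLManager's own role-grant logs.

```python
from dataclasses import dataclass

DAY = 86_400
# Assumed labels for the two roles the article names; not Credix's real identifiers.
ADMIN, BRIDGE = "MULTISIG_ADMIN", "BRIDGE_CONTROLLER"

@dataclass(frozen=True)
class Event:
    ts: int        # block timestamp, unix seconds
    kind: str      # "RoleGranted" | "BridgeMint" | "Borrow"
    account: str   # grantee for RoleGranted, caller otherwise
    role: str = ""

def review(events, approved):
    """approved maps role -> set of accounts allowed to hold it.
    Returns (ts, rule, account, detail) alerts in time order."""
    alerts, held, rogue_since = [], {}, {}
    for e in sorted(events, key=lambda e: e.ts):
        if e.kind == "RoleGranted" and e.role in (ADMIN, BRIDGE):
            held.setdefault(e.account, set()).add(e.role)
            if e.account not in approved.get(e.role, set()):
                rogue_since.setdefault(e.account, e.ts)  # start of dwell time
                alerts.append((e.ts, "unapproved-grant", e.account, e.role))
            if held[e.account] == {ADMIN, BRIDGE}:  # separation of duties broken
                alerts.append((e.ts, "admin-and-bridge", e.account,
                               "one address holds both roles"))
        elif e.kind in ("BridgeMint", "Borrow") and e.account in rogue_since:
            dwell = (e.ts - rogue_since[e.account]) // DAY
            alerts.append((e.ts, f"{e.kind}-by-unapproved", e.account,
                           f"{dwell}d after grant"))
    return alerts

# Constructed sample data: addresses and timestamps are made up for the example.
T0 = 1_753_000_000
APPROVED = {ADMIN: {"0xTeamSafe"}, BRIDGE: {"0xBridgeOps"}}
SAMPLE = [
    Event(T0 - 30 * DAY, "RoleGranted", "0xTeamSafe", ADMIN),
    Event(T0 - 30 * DAY, "RoleGranted", "0xBridgeOps", BRIDGE),
    Event(T0, "RoleGranted", "0xUnknown", ADMIN),
    Event(T0 + 60, "RoleGranted", "0xUnknown", BRIDGE),
    Event(T0 + 6 * DAY, "BridgeMint", "0xUnknown"),
    Event(T0 + 6 * DAY + 30, "Borrow", "0xUnknown"),
    Event(T0 + 7 * DAY, "BridgeMint", "0xBridgeOps"),  # legitimate, no alert
]

if __name__ == "__main__":
    for alert in review(SAMPLE, APPROVED):
        print(alert)
```

The first two alerts fire at grant time, which in the sequence the article describes would have been six days before any funds moved.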

After draining Credix’s funds, the attacker moved the bulk of the assets to Ethereum, making tracking even harder. In response, Credix took its website offline to block any new deposits while it investigates the breach. There’s been no official statement yet about user fund recovery or whether deposits were affected.

Credix had made headlines last year after securing a $60 million credit facility to expand its lending platform. But this exploit is likely to dent user trust and raise tough questions about the protocol’s internal security practices, especially its access control structure.

The Credix exploit again exposes how damaging weak admin controls and bridge access can be in DeFi.

Until Credix provides a detailed update, users should revoke any approvals, avoid new interactions, and stay alert for further developments.
