Credix DeFi Protocol Hit by $4.5M Hack via Admin Breach

TheCryptoTimes. Published on 2025-08-03. Updated on 2025-08-04.

A major exploit has hit decentralized lending protocol Credix, with an attacker siphoning off around $4.5 million after quietly gaining admin-level access nearly a week before the actual strike.

The incident came to light after security firm SlowMist flagged unusual activity involving the Credix multisig wallet. On-chain records show that six days prior to the exploit, an attacker was added as both a multisig admin and bridge controller through the protocol’s ACLManager. These elevated roles gave them direct access to mint collateral tokens via the bridge and use them to borrow assets from the lending pool.

Once the fake collateral was in place, the attacker drained the pool by borrowing against it on-chain. Security analysts at Cyvers also picked up the breach, noting that the attacker’s wallet was initially funded via Tornado Cash, a privacy mixer often used in exploits to hide money trails. 
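The six days between the role grant and the drain were a window in which the change could have been caught. As an added example (not code from this article, Credix, SlowMist or Cyvers), this Python check flags privileged role grants and bridge mints by accounts outside an approved allowlist; the role labels, event names, record fields, addresses and timestamps are all constructed assumptions.

```python
from datetime import datetime

# Assumptions (not from Credix's contracts): role labels, event names and
# record fields are a hypothetical decoded-log schema; addresses are constructed.
PRIVILEGED_ROLES = {"MULTISIG_ADMIN", "BRIDGE_CONTROLLER"}
APPROVED_HOLDERS = {"0x" + "11" * 20}          # change-controlled allowlist
UNKNOWN = "0x" + "ee" * 20                     # constructed unapproved address

EVENTS = [  # constructed sample, oldest first
    {"ts": "2025-07-01T09:00:00", "event": "RoleGranted",
     "role": "BRIDGE_CONTROLLER", "account": "0x" + "11" * 20},
    {"ts": "2025-07-10T12:00:00", "event": "RoleGranted",
     "role": "MULTISIG_ADMIN", "account": UNKNOWN},
    {"ts": "2025-07-10T12:00:00", "event": "RoleGranted",
     "role": "BRIDGE_CONTROLLER", "account": UNKNOWN},
    {"ts": "2025-07-12T08:00:00", "event": "BridgeMint",
     "minter": "0x" + "11" * 20, "amount": 1_000},
    {"ts": "2025-07-16T12:30:00", "event": "BridgeMint",
     "minter": UNKNOWN, "amount": 5_000_000},
]

def detect(events, approved=APPROVED_HOLDERS):
    """Return alerts for privileged grants and mints outside the allowlist."""
    alerts, granted_at = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["event"] == "RoleGranted" and ev["role"] in PRIVILEGED_ROLES:
            granted_at[(ev["account"], ev["role"])] = ts
            if ev["account"] not in approved:
                # Fires at grant time, before any funds can move.
                alerts.append(("unapproved_grant", ev["account"], ev["role"]))
        elif ev["event"] == "RoleRevoked":
            granted_at.pop((ev["account"], ev["role"]), None)
        elif ev["event"] == "BridgeMint" and ev["minter"] not in approved:
            grant = granted_at.get((ev["minter"], "BRIDGE_CONTROLLER"))
            # Dwell time = days the grant sat unnoticed before first use.
            dwell = (ts - grant).days if grant else None
            alerts.append(("unapproved_mint", ev["minter"], dwell))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The first two alerts fire at grant time, which is the point where a pause or revocation still prevents loss; the mint alert only confirms that the window was missed.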

After draining Credix’s funds, the attacker moved the bulk of the assets to Ethereum, making tracking even harder. In response, Credix took its website offline to block any new deposits while it investigates the breach. There’s been no official statement yet about user fund recovery or whether deposits were affected.

Credix had made headlines last year after securing a $60 million credit facility to expand its lending platform. But this exploit is likely to dent user trust and raise tough questions about the protocol’s internal security practices, especially its access control structure.

The Credix exploit again exposes how damaging weak admin controls and bridge access can be in DeFi.

Until Credix provides a detailed update, users should revoke any approvals, avoid new interactions, and stay alert for further developments.
