CrediX Hack Adds to $3.1 Billion DeFi Losses in 2025 as Multisig Failures Surge
The decentralized finance (DeFi) sector has once again been shaken by a major exploit, this time targeting CrediX, a popular protocol in the DeFi ecosystem.
According to reports, CrediX suffered a significant loss of $4.5 million following an attack enabled by a private key compromise and governance access flaws. The attacker was able to bridge funds across networks, exploit administrative access, and drain the CrediX Pool using minted collateral tokens.
The incident has added to mounting concerns over the security of multisig wallets, which have accounted for most of the $3.1 billion in crypto losses so far in 2025. Multisig wallets are designed to offer higher security by requiring multiple signatures to authorize transactions, but recent attacks have highlighted the importance of robust governance and access control.
Funds Bridged from Sonic to Ethereum
CertiK, a blockchain security firm, confirmed that the stolen funds were transferred from the Sonic network to Ethereum. Cyvers Alerts, a Web3 security platform, flagged multiple suspicious transactions on Sonic, tracing one address funded via Tornado Cash on Ethereum.
This address bridged funds to Sonic and borrowed approximately $2.64 million from CrediX. These funds were likely extracted using collateral tokens that the attacker minted after gaining backdoor access. The attack was possible because the attacker had been granted Admin and Bridge roles within the CrediX Multisig Wallet six days prior to the exploit.
The Role of Governance in DeFi Security
According to SlowMist, an on-chain security provider, the attacker's ability to gain access to these roles highlights a critical risk in decentralized governance models. Inadequate oversight in assigning privileges, especially in multisig environments, leaves DeFi protocols highly exposed to internal or external compromise.
This type of exploit underlines the importance of robust role-based access control and governance in the DeFi ecosystem. As the number of DeFi protocols continues to grow, it is essential that developers prioritize security and implement effective measures to prevent similar incidents in the future.
The Broader Trend of Multisig Wallet Exploits
The CrediX incident is part of a broader trend this year. A report by security firm Hacken states that $3.1 billion in crypto was lost in the first half of 2025, with the majority of cases involving multisig wallets.
These wallets were often breached through social engineering tactics, fake interfaces, or misconfigured signer setups. The largest known attack this year remains the $1.46 billion Bybit exploit, where attackers deceived multisig signers using a spoofed interface.
The Need for Real-Time Threat Detection
In response to the growing frequency of such incidents, Hacken has recommended moving away from traditional one-time security audits. Instead, the firm advocates for real-time, AI-based security systems that monitor multisig activity and flag abnormal behavior instantly.
According to Hacken, more than 80% of crypto losses this year stemmed from access control failures. The firm urges platforms to implement stricter signer training, enforce tighter rule-based automation, and treat interfaces and signers as integral to system security.
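An added example, not CrediX's or Hacken's code: a rule-based monitor of the kind recommended above, applied to the pattern this article describes (Admin and Bridge roles granted days before minting and borrowing). The event names and fields, the approved-holder list, the 14-day watch window and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

PRIVILEGED_ROLES = {"ADMIN", "BRIDGE"}           # the two roles named in the article
APPROVED_HOLDERS = {"0xSIGNER_A", "0xSIGNER_B"}  # assumed governance-approved accounts
WATCH_WINDOW = timedelta(days=14)                # assumed; wide enough for a six-day gap

# Constructed sample events (not real chain data; addresses are placeholders).
EVENTS = [
    {"ts": "2025-01-01T09:00:00", "type": "RoleGranted", "role": "ADMIN", "account": "0xSIGNER_A"},
    {"ts": "2025-01-10T12:00:00", "type": "RoleGranted", "role": "ADMIN", "account": "0xNEW_ACCOUNT"},
    {"ts": "2025-01-10T12:01:00", "type": "RoleGranted", "role": "BRIDGE", "account": "0xNEW_ACCOUNT"},
    {"ts": "2025-01-12T08:00:00", "type": "Mint", "account": "0xSIGNER_A", "amount": 1_000},
    {"ts": "2025-01-16T12:30:00", "type": "Mint", "account": "0xNEW_ACCOUNT", "amount": 5_000_000},
    {"ts": "2025-01-16T12:35:00", "type": "Borrow", "account": "0xNEW_ACCOUNT", "amount": 2_640_000},
]

def detect(events, approved=APPROVED_HOLDERS, window=WATCH_WINDOW):
    """Return (severity, rule, account, timestamp) alerts in event order."""
    alerts = []
    recent_grants = {}  # account -> time of its latest unapproved privileged grant
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        if ev["type"] == "RoleGranted" and ev["role"] in PRIVILEGED_ROLES:
            # Rule 1: a privileged role goes to an account governance never approved.
            if acct not in approved:
                recent_grants[acct] = ts
                alerts.append(("HIGH", "unapproved-privileged-grant:" + ev["role"], acct, ev["ts"]))
        elif ev["type"] in {"Mint", "Borrow"}:
            # Rule 2: that account moves value while still inside the watch window.
            granted = recent_grants.get(acct)
            if granted is not None and ts - granted <= window:
                alerts.append(("CRITICAL", "value-action-after-recent-grant:" + ev["type"], acct, ev["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert, sep="  ")
```

The first rule fires at grant time, which in the sequence described here would have left six days to revoke the roles before any funds moved.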
CrediX's Response to the Incident
Meanwhile, CrediX has said it aims to recover the stolen funds within 24-48 hours, though no further details have been provided at this time. The incident highlights the importance of transparency and communication in the DeFi community.