The post CrediX Hit by $4.5M Hack, Attacker Bridges Funds to Ethereum appeared first on Coinpedia Fintech News
The DeFi project CrediX has reportedly been hacked, with losses estimated at $4.5 million. The incident appears to be the result of a private key compromise, which allowed the attacker to gain unauthorized access to the system.
CrediX Hit By Cross-Network Exploit
As a safety step, CrediX has taken its website offline to block new user deposits. Security firm CertiK reported that the stolen funds were moved from the Sonic network to Ethereum. So far, the attacker’s wallet still holds the stolen assets, and there has been no further movement.
Cyvers Alerts, a Web3 security firm, also flagged multiple suspicious transactions on the Sonic network involving CrediX. According to them, an address funded via Tornado Cash on Ethereum bridged funds to Sonic, then borrowed around $2.64 million from CrediX.
An address funded by @TornadoCash on the #ETH network bridged funds to the #Sonic network and borrowed approximately 2.64M from @CrediX_fi.
Most of these funds have… pic.twitter.com/vK2y21Vhu9
—
Access Flaw Lets Attacker Drain CrediX Pool
On-chain security firm SlowMist notes that six days before the exploit was detected, the attacker was added as both Admin and Bridge to the CrediX Multisig Wallet using the ACLManager. With Bridge-level privileges, the attacker gained direct access to mint collateral tokens through the CrediX Pool.
Using the freshly minted tokens, they were able to borrow a large amount of assets from the protocol, ultimately draining the pool. This shows how risky it can get when access and roles are not properly managed in a multisig setup, and highlights how critical governance security is in DeFi systems.
CrediX has assured the users that all funds will be fully recovered within 24–48 hours.
.article-inside-link {
margin-left: 0 !important;
border: 1px solid #0052CC4D;
border-left: 0;
border-right: 0;
padding: 10px 0;
text-align: left;
}
.entry ul.article-inside-link li {
font-size: 14px;
line-height: 21px;
font-weight: 600;
list-style-type: none;
margin-bottom: 0;
display: inline-block;
}
.entry ul.article-inside-link li:last-child {
display: none;
}
- Also Read :
- Crypto Hacks Surge in 2025: $2.1 Billion Stolen in Just 6 Months
- ,
Multisig Hacks Lead 2025 Losses
According to a report from Hacken, crypto losses hit $3.1 billion in the first half of 2025, and most of it came from multisig wallet failures. These wallets were often exploited through fake interfaces and poor signer management.
The most damaging attack was the $1.46B Bybit hack, where signers were tricked by a spoofed UI.
Hacken Urges Real-Time Multisig Security
More than 80% of all crypto losses this year were caused by access control failures. Hacken now recommends that projects move away from one-time audits and adopt real-time, AI-driven security systems. These tools can track multisig wallet activity, detect abnormal behavior, and provide faster response times.
Hacken also advises that teams treat signers and user interfaces as key elements of the security system, not just technical features. Improved training, stricter automation, and tighter rules are necessary if DeFi platforms want to avoid similar attacks in the future.
.article_register_shortcode {
padding: 18px 24px;
border-radius: 8px;
display: flex;
align-items: center;
margin: 6px 0 22px;
border: 1px solid #0052CC4D;
background: linear-gradient(90deg, rgba(255, 255, 255, 0.1) 0%, rgba(0, 82, 204, 0.1) 100%);
}
.article_register_shortcode .media-body h5 {
color: #000000;
font-weight: 600;
font-size: 20px;
line-height: 22px;
text-align:left;
}
.article_register_shortcode .media-body h5 span {
color: #0052CC;
}
.article_register_shortcode .media-body p {
font-weight: 400;
font-size: 14px;
line-height: 22px;
color: #171717B2;
margin-top: 4px;
text-align:left;
}
.article_register_shortcode .media-body{
padding-right: 14px;
}
.article_register_shortcode .media-button a {
float: right;
}
.article_register_shortcode .primary-button img{
vertical-align: middle;
width: 20px;
margin: 0;
display: inline-block;
}
@media (min-width: 581px) and (max-width: 991px) {
.article_register_shortcode .media-body p {
margin-bottom: 0;
}
}
@media (max-width: 580px) {
.article_register_shortcode {
display: block;
padding: 20px;
}
.article_register_shortcode img {
max-width: 50px;
}
.article_register_shortcode .media-body h5 {
font-size: 16px;
}
.article_register_shortcode .media-body {
margin-left: 0px;
}
.article_register_shortcode .media-body p {
font-size: 13px;
line-height: 20px;
margin-top: 6px;
margin-bottom: 14px;
}
.article_register_shortcode .media-button a {
float: unset;
}
.article_register_shortcode .secondary-button {
margin-bottom: 0;
}
}
Never Miss a Beat in the Crypto World!
Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.
.subscription-options li {
display: none;
}
.research-report-subscribe{
background-color: #0052CC;
padding: 12px 20px;
border-radius: 8px;
color: #fff;
font-weight: 500;
font-size: 14px;
width: 96%;
}
.research-report-subscribe img{
vertical-align: sub;
margin-right: 2px;
}
var templateIds = “6”;
var listOfSubscribed = [];
function subscribed_popupmodal(template_id) {
var templateId = ‘6’;
getAllSubscriberCategoryList([templateId]);
var subcribemodal = window.parent.document.getElementById(‘subscribe-modal-design’);
if (subcribemodal) {
var modalContent = `
Never Miss a Beat in the Crypto World!
Stay informed and gain the edge you need to navigate the crypto world. Select your subscription now
`;
subcribemodal.innerHTML = modalContent;
}
subscribe_unsubscribe_status(template_id);
//getAllSubscriberCategoryList(template_id);
}
function toggleSubscription(subscription, template_id) {
var subscriptionCheckbox = document.getElementById(subscription + ‘_’ + template_id);
var li = document.getElementById(subscription + ‘Selected_’ + template_id);
if (subscriptionCheckbox.checked) {
li.classList.add(‘active’);
} else {
li.classList.remove(‘active’);
}
}
function getAllSubscriberCategoryList(getcategoryId) {
jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘GET’,
data: {
action: ‘subscribe_api_ajax_request’,
apiurl: ‘/app/email_newsletter/list’,
},
success: function(response) {
var result = JSON.parse(response.message);
if (result.status === true) {
var idstosubscribed = []
// Populate listOfSubscribed with subscribed category IDs
result.message.forEach(listofcategory => {
if (listofcategory.subscribe_status === 1) {
if (!listOfSubscribed.includes(listofcategory._id)) {
listOfSubscribed.push(listofcategory._id);
}
if (!idstosubscribed.includes(listofcategory.news_cp_category_row_id)) {
idstosubscribed.push(listofcategory.news_cp_category_row_id);
}
}
});
idstosubscribed.forEach(id => {
var subscribeButton = document.getElementById(‘subscribe_’ + id);
var unsubscribeButton = document.getElementById(‘unsubscribe_’ + id);
if (subscribeButton && unsubscribeButton) {
subscribeButton.style.display = ‘none’;
unsubscribeButton.style.display = ‘block’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘block’;
}
}
});
}
},
error: function(xhr, status, error) {
console.error(‘Error:’, error);
}
});
}
function subscribe_unsubscribe_status(getcategoryId) {
var elementTounsubscribe = parent.document.getElementById(‘unsubscribe_’ + getcategoryId);
var elementTosubscribe = parent.document.getElementById(‘subscribe_’ + getcategoryId);
jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘POST’,
data: {
action: ‘subscribe_api_ajax_request’,
apiurl: ‘/app/email_newsletter/list?category_row_id=’ + getcategoryId,
},
success: function(response) {
var result = JSON.parse(response.message);
if (result.status === true) {
parent.jQuery(‘.skeliton-loader-block’).hide();
var hasSubscribeStatusOne = false;
result.message.forEach(subscribeStatus => {
if (listOfSubscribed.includes(subscribeStatus._id) && subscribeStatus.subscribe_status === 1) {
hasSubscribeStatusOne = true;
}
if (subscribeStatus.notification_type === 3) {
parent.document.getElementById(‘monthlySelected_’ + getcategoryId).style.display = ‘block’;
parent.document.getElementById(‘monthly_’ + getcategoryId).setAttribute(‘data-id’, subscribeStatus._id);
if (subscribeStatus.subscribe_status === 1) {
parent.document.getElementById(‘monthly_’ + getcategoryId).checked = true;
}
} else if (subscribeStatus.notification_type === 2) {
parent.document.getElementById(‘weeklySelected_’ + getcategoryId).style.display = ‘block’;
parent.document.getElementById(‘weekly_’ + getcategoryId).setAttribute(‘data-id’, subscribeStatus._id);
if (subscribeStatus.subscribe_status === 1) {
parent.document.getElementById(‘weekly_’ + getcategoryId).checked = true;
}
} else if (subscribeStatus.notification_type === 1) {
parent.document.getElementById(‘dailySelected_’ + getcategoryId).style.display = ‘block’;
parent.document.getElementById(‘daily_’ + getcategoryId).setAttribute(‘data-id’, subscribeStatus._id);
if (subscribeStatus.subscribe_status === 1) {
parent.document.getElementById(‘daily_’ + getcategoryId).checked = true;
}
}
if (subscribeStatus.subscribe_status === 1) {
listOfSubscribed.push(subscribeStatus._id);
}
});
if (hasSubscribeStatusOne) {
elementTosubscribe.style.display = ‘none’;
elementTounsubscribe.style.display = ‘block’;
} else {
elementTosubscribe.style.display = ‘block’;
elementTounsubscribe.style.display = ‘none’;
}
}
},
error: function(xhr, status, error) {
console.error(‘Error:’, error);
}
});
}
function logSelectedSubscriptions(categoryid) {
var unsubscribemodal = document.querySelector(‘.unsubscribed-popup-modal .modal’);
var subscribedmodal = document.querySelector(‘.subscribed-popup-modal .modal’);
unsubscribemodal.innerHTML=”;
subscribedmodal.innerHTML=”;
var selectedSubscriptions = [];
var storeCheckedId = [];
var checkboxes = document.querySelectorAll(‘#subscription-options-‘ + categoryid + ‘ input[type=”checkbox”]’);
var errorMessage = document.getElementById(‘error-message-select’);
// Use a Set to handle unique data-ids
var uniqueSubscribedIds = new Set(listOfSubscribed);
checkboxes.forEach(function(checkbox) {
var dataId = parseInt(checkbox.getAttribute(‘data-id’));
if (checkbox.checked) {
selectedSubscriptions.push(checkbox.id);
storeCheckedId.push(dataId);
} else {
uniqueSubscribedIds.delete(dataId); // Remove unchecked data-id
}
});
// Update listOfSubscribed with unique values
listOfSubscribed = Array.from(uniqueSubscribedIds);
var selectedSubscriptionsString = selectedSubscriptions.join(‘, ‘);
var concatinateSubscribeId = […new Set(storeCheckedId.concat(listOfSubscribed))];
var categoryData = {
‘subscribed_categories’: concatinateSubscribeId
};
var requestSubscriberData = {
action: ‘handle_dynamic_api_request_with_headers’,
security: ‘4eb212666f’,
endpoint: ‘/app/email_newsletter/update_categories’,
token: ”,
data: categoryData
};
jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘POST’,
data: requestSubscriberData,
beforeSend: function(xhr) {
xhr.setRequestHeader(‘X-Requested-With’, ‘XMLHttpRequest’);
},
success: function(response) {
try {
response = response.data;
if (storeCheckedId.length === 0) {
var unsubcribedPopUpmodal =
`
You’ve Unsubscribed Successfully
We’re sorry to see you go! Your subscription has been canceled. If you change your mind, you can re-subscribe anytime. Thank you for being part of our community!
`;
unsubscribemodal.innerHTML = unsubcribedPopUpmodal;
document.querySelector(‘#subscribe-modal-design .modal’).style.display = ‘none’;
unsubscribemodal.style.display = ‘block’;
unsubscribemodal.classList.remove(‘hide’);
unsubscribemodal.classList.add(‘show’);
document.getElementById(‘subscribe_’ + categoryid).style.display = ‘block’;
document.getElementById(‘unsubscribe_’ + categoryid).style.display = ‘none’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘none’;
}
} else {
var subscribedPopupModal =
`
Thank you for subscribing!
Thank you for subscribing to our crypto and blockchain newsletter! You’ll now receive the latest news, insights, and updates straight to your inbox. Welcome to our community!
`;
let selectedSubscriptionsArray = selectedSubscriptionsString.split(‘,’);
let subscribedCategories = selectedSubscriptionsArray.map(subscription => subscription.split(‘_’)[0]);
let subscribedCategoriesString = subscribedCategories.join(‘, ‘);
subscribedmodal.innerHTML = subscribedPopupModal;
if (document.getElementById(‘selectidname’)) {
document.getElementById(‘selectidname’).textContent = subscribedCategoriesString;
}
document.querySelector(‘#subscribe-modal-design .modal’).style.display = ‘none’;
subscribedmodal.style.display = ‘block’;
subscribedmodal.classList.remove(‘hide’);
subscribedmodal.classList.add(‘show’);
document.getElementById(‘subscribe_’ + categoryid).style.display = ‘none’;
document.getElementById(‘unsubscribe_’ + categoryid).style.display = ‘block’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘block’;
}
}
} catch (e) {
console.error(‘Error parsing response:’, e);
}
},
});
}
function closeModal(template_id) {
var modalId = template_id;
var modal = document.querySelector(‘#’ + modalId); // Using querySelector to find the modal
if (modal) {
modal.classList.add(‘hide’);
modal.classList.remove(‘show’);
setTimeout(function() {
modal.style.display = ‘none’;
}, 500);
} else {
console.warn(‘Modal not found:’, modalId);
}
}
function closeunsubscribemodal() {
var unsubscribemodal = document.querySelector(‘.unsubscribed-popup-modal .modal’);
if (unsubscribemodal) {
unsubscribemodal.classList.add(‘hide’);
unsubscribemodal.classList.remove(‘show’);
}
setTimeout(function() {
unsubscribemodal.style.display = ‘none’;
}, 500);
}
function closesubscribemodal() {
var subscribedmodal = document.querySelector(‘.subscribed-popup-modal .modal’);
setTimeout(function() {
subscribedmodal.style.display = ‘none’;
}, 500);
if (subscribedmodal) {
subscribedmodal.classList.add(‘hide’);
subscribedmodal.classList.remove(‘show’);
}
}
function withoutLoginClicked(withoutlogin_id) {
localStorage.setItem(‘subscribe_without_Login’, ‘true’);
localStorage.setItem(‘subscribe_clicked_id’, withoutlogin_id);
}
document.addEventListener(‘DOMContentLoaded’, function() {
const subscribewithoutData = localStorage.getItem(‘subscribe_without_Login’);
const subscribe_clicked_cat_id = localStorage.getItem(‘subscribe_clicked_id’);
// Function to get cookies
function getCookie(name) {
let value = “; ” + document.cookie;
let parts = value.split(“; ” + name + “=”);
if (parts.length == 2) return parts.pop().split(“;”).shift();
}
// Get user token from cookies
const userToken = getCookie(‘user_token’);
if (subscribewithoutData === ‘true’ && userToken) {
// Call the modal function with the category ID
subscribed_popupmodal(subscribe_clicked_cat_id);
// Remove the flag and category ID from localStorage
localStorage.removeItem(‘subscribe_without_Login’);
localStorage.removeItem(‘subscribe_clicked_id’);
}
});
/************************** update susbcriber content **************************** */
function initializeSubscriptionButton() {
var initialListItems = document.querySelectorAll(‘.subscription-options input[type=”checkbox”]’);
initialListItems.forEach(function(item) {
console.log(item.checked, ‘Initial Checkbox checked status’);
});
var listItems = document.querySelectorAll(‘.subscription-options li’);
if (listItems.length === 0) return;
var anyActive = false;
listItems.forEach(function(item) {
var checkbox = item.querySelector(‘input[type=”checkbox”]’);
if (checkbox) {
if (checkbox.checked) {
item.classList.add(‘active’);
anyActive = true; // Set anyActive to true
} else {
item.classList.remove(‘active’); // Remove ‘active’ class if checkbox is unchecked
}
}
});
}
function updateButtonText(anyActive) {
var subscribeButtonSpan = document.querySelector(‘.subscribe-submit .changeBtnText’);
if (subscribeButtonSpan) {
if (anyActive) {
subscribeButtonSpan.textContent=”Subscribe Now”;
} else {
subscribeButtonSpan.textContent=”Unsubscribe”;
}
}
}
function updateSubscriptionButton() {
var listItems = document.querySelectorAll(‘.subscription-options li’);
if (listItems.length === 0) return;
var anyActive = false;
listItems.forEach(function(item) {
var checkbox = item.querySelector(‘input[type=”checkbox”]’);
if (checkbox) {
if (checkbox.checked) {
item.classList.add(‘active’);
anyActive = true; // Set anyActive to true
} else {
item.classList.remove(‘active’); // Remove ‘active’ class if checkbox is unchecked
}
}
});
// Update the button text based on whether any list item has the ‘active’ class
updateButtonText(anyActive);
}
document.addEventListener(‘click’, function(event) {
var clickedItem = event.target.closest(‘.subscription-options li’);
if (clickedItem) {
var checkbox = clickedItem.querySelector(‘input[type=”checkbox”]’);
if (checkbox) {
checkbox.checked = !checkbox.checked;
updateSubscriptionButton();
}
}
});
FAQs
The CrediX hack was caused by a private key compromise, allowing the attacker admin and bridge access to drain the pool.
Yes. CrediX has assured users that all stolen funds will be recovered within 24–48 hours after the exploit.
Major 2025 hacks include $400M from Coinbase, $220M from Cetus, and millions more from BSC, Phemex, and UPCX exploits.
Source: https://coinpedia.org/news/credix-hit-by-4-5m-hack-attacker-bridges-funds-to-ethereum/