Overview
- The attacker has agreed to return all $4.5 million in exchange for an undisclosed payment from CrediX’s treasury, with funds expected within 24 to 48 hours.
- Security firm SlowMist flagged that the attacker was added as an Admin and Bridge controller via the ACLManager six days before the exploit, compromising governance controls.
- The governance flaw enabled the attacker to mint unbacked collateral tokens, borrow against the lending pool and drain CrediX’s liquidity.
- Stolen assets were bridged from the Sonic network to Ethereum and now rest in three separate wallets awaiting recovery.
- The breach contributes to $3.1 billion in DeFi losses tied to multisig failures in 2025 and underscores calls for AI-driven real-time monitoring and stricter access controls.