Particle.news
Download on the App Store
7 ARTICLES
·
yesterday

Solana-Powered CrediX Finance Drained of $4.5 Million in Governance Exploit

Investigators are tracing the $4.5 million through cross-chain bridges with a promise of full user reimbursement within 48 hours.

Defi protocol credix taken offline after $4.5m exploit
Photo: Growtika
CrediX Finance hacked for $4.5m via governance flaw
Image

Overview

  • An attacker gained multisig admin and bridge roles through a misconfiguration in the ACLManager six days before the breach.
  • Elevated privileges allowed the actor to mint unauthorized collateral tokens to drain the protocol’s liquidity pool.
  • Stolen assets were bridged from Solana’s Sonic network to Ethereum in a cross-chain laundering maneuver.
  • CrediX took its site offline and assured users their funds remain secure and accessible via smart contracts.
  • The exploit underscores the ongoing governance and access control risks facing real-world asset lending protocols.