Another day, another digital heist. The decentralized finance, or DeFi, world is once again facing a stark reminder of its vulnerabilities. Credix, a protocol focused on credit, has just lost about $4.5 million. This happened in an exploit today, confirmed by cybersecurity experts like PeckShield and CertiK.
The attack was quite clever. It seems someone stole login details for a wallet on the Solana network. This wallet had special administrative powers. The attacker then used these “BRIDGE” permissions. They minted fake tokens, specifically acUSDC, which is like a digital stand-in for the real USDC currency on the Sonic network. With these fake tokens, they managed to borrow real funds. After that, they quickly moved the stolen money over to the Ethereum network. PeckShield identified the wallet address used for the attack as “0xF321…662e,” which had those high-level privileges.
Web3 security firm CertiK verified the incident. They even shared three Ethereum addresses where some of the stolen funds still sit. Good news is, these addresses haven’t touched any crypto exchanges yet. This means the money hasn’t been washed or resold. For now, it’s just sitting there, waiting.
Credix Acts Fast to Contain Damage
Credix quickly put out several messages on X, formerly known as Twitter, once they spotted the breach. First, they told everyone about the security problem. They also temporarily shut down their website. This stopped users from putting more money into the system. Next, they told users to directly use the smart contracts to get their assets out.
In a third update, the Credix team made a big promise. They said, “all user funds will be recovered in full within 24 to 48 hours.” However, they didn’t explain how they plan to do this. Will it come from their own cash reserves? Maybe outside investments? Or could they be trying to negotiate with the attacker?
This lack of detail has made some users nervous. But so far, the promise of a full refund has kept a full-blown trust crisis at bay. It’s a tough situation for any company to face.
A Rough Year for DeFi Security
The Credix incident adds to a troubling trend. The DeFi space has seen many security problems in 2025. Recent data shows that hacks tied to cryptocurrencies cost $2.1 billion in the first half of the year.
Out of that massive sum, about 12% — or $252 million — came from attacks on DeFi protocols. These exploits often happen because of weaknesses in smart contracts, stolen passwords, or badly set up permissions. It’s like leaving a back door open.
Many experts are now sounding the alarm. They say protocols need to manage their digital keys better. They also stress the need for constant code checks and closer watch over who has administrative control. It’s all about tightening up security everywhere.
Credix itself is an on-chain credit protocol. It connects investors with financial technology companies and non-bank lenders. They mostly work in places where traditional banks aren’t common. Their business model offers tokenized financing for debt. This helps investors tap into opportunities usually outside the old banking system.
The company is based in Belgium. They have raised $73.7 million over four funding rounds. Their idea has gained popularity. It’s a fresh way to get money to people who don’t have bank access, all built on blockchain technology.
This specific attack didn’t exploit a flaw in Credix’s core smart contract code. Instead, it was about a breach in how administrative wallets were controlled. This kind of event shows a fine line. On one side, you have decentralized operations. On the other, you need strong controls over critical access points. It’s a balance many are still figuring out.
Looking Ahead After the Incident
It remains to be seen if Credix can truly keep its promise. We will find out if they can refund all the money within 48 hours. How well the team recovers these funds and rebuilds trust will be key. It’s important not just for Credix, but for the entire DeFi world.
Users and investors will be watching every move the company makes. Meanwhile, security firms are still keeping an eye on the digital addresses holding the stolen funds.
This event once again raises serious concerns. It highlights the importance of good governance and strong operational security in decentralized protocols. It’s a clear reminder that technology alone does not make a system unbreakable.