Solana-based DeFi lender CrediX exploited; attacker granted admin access and drained liquidity pool

Share this article

CrediX, a Solana-based decentralized finance (DeFi) platform that tokenizes private credit, was exploited on Monday, according to a statement released the same day.

Credix seems to have had a security breach. We are investigating and will share details soon

— CrediX (@CrediX_fi) August 4, 2025

Blockchain security firm SlowMist, which first flagged the incident, reported that CrediX was exploited after a malicious actor was added as both an Admin and a Bridge via the ACLManager six days before the attack.

🚨SlowMist TI Alert🚨

MistEye detected that @CrediX_fi has been exploited.

The CrediX Multisig Wallet, 6 days ago, added an attacker as both Admin and Bridge via ACLManager.https://t.co/E6tbBEI76M

This enabled the attacker, acting in the Bridge role, to directly mint… https://t.co/GiXswzNZqS pic.twitter.com/jJjYR1eyET

— SlowMist (@SlowMist_Team) August 4, 2025

The permissions change enabled the attacker to assume the Bridge role and mint collateral tokens directly from the lending pool. Using these illegitimately minted tokens, the attacker borrowed a large amount of assets, effectively draining the protocol’s liquidity.

CrediX announced that an investigation is ongoing and, as a precautionary measure, its website has been temporarily disabled to prevent any new user deposits.

The team assured users that all funds are safe and can still be accessed directly through smart contracts.

According to the statement, full recovery of user funds is expected within 24 to 48 hours.

All users funds will be recovered in full within 24-48 hours

— CrediX (@CrediX_fi) August 4, 2025

CrediX previously secured $60 million in credit financing to support small and medium-sized enterprises (SMEs) in Latin America through priority debt financing, collaborating with a US alternative investment management firm with a $3 billion portfolio.

Share this article