Lending Platform CrediX Loses $4.5 Million in Exploit

A newcomer to the DeFi lending space was targeted, and a weakness was exploited, resulting in the loss of millions.

This is yet another addition to the already substantial amount of crypto losses for the current year.

Another Day, Another Loss

The on-chain security and data analytics company Peckshield stated earlier today on X that the money market aggregator CrediX suffered an attack, resulting in approximately $4.5 million in losses.

The firm noted that an admin wallet account ending in “EC662e” with various roles, including POOL_ADMIN, BRIDGE, ASSET_LISTING_ADMIN, EMERGENCY_ADMIN, and RISK_ADMIN, was used in the scheme. These all have varying functions that control and manage the protocol’s funds.

The bridge role is the one that led to the draining of funds, which included acUSDC tokens, which are a wrapped version of the USDC stablecoin. The outflows were carried out through various protocols and bridges, including deBridge Finance, Fly (formerly MagPie), Shadow Exchange, and others.

According to their history of posts, CrediX went live at the beginning of last month, offering a variety of yield strategies, lending options, rewards for participation, and liquidity. They have acknowledged the breach and promised to return user funds in full within 24 to 48 hours.

Painful Reality

We recently crossed into the latter half of 2025, and it would be lightly putting it in saying that it’s been a “bumpy” ride. The year so far has seen over $3 billion lost to hacks and exploits of vulnerabilities, which is $1 billion more than for the whole of 2024 combined.

You may also like:

• Balancer’s $120M Meltdown: How A Series of Small Swaps Almost Broke a Top AMM
• XUSD Stablecoin Crashed 70% After $93M Stream Finance Loss
• OG DeFi Giant Balancer Exploited for $128M: Forks Are Now Bleeding Out Too

Hacken, the blockchain security audit firm’s report, which CryptoPotato covered, paints a clear picture:

“In these first six months of 2025, access-control exploits have dominated, accounting for about 59% of total losses (roughly $1.83 billion) drained from both centralized and decentralized platforms. Smart-contract vulnerabilities made up around eight percent, with $263 million lost in the first half, including the $223 million Cetus exploit that marked DeFi’s worst quarter since early 2023 with 300m drained across all the hacks.”

With the rise of DeFi adoption and the emergence of technologies like AI, it’s becoming of paramount importance for institutions and companies to safeguard their assets and clients. Some of the attacks have been linked to politically inclined organizations such as the Lazarus group, while others can be attributed to insider information, cybersecurity vulnerabilities, or human error.

Regardless of where the malicious intent originates, it’s not slowing down, so due diligence will go a long way in helping to reduce or eradicate losses caused by bad actors.