Solana lender Credix pledges full reimbursement after $4.5 million DeFi exploit

Decentralized credit protocol Credix suffered a $4.5 million exploit on Monday after a hacker commandeered one of its administrator wallets and used bridge permissions to mint unbacked tokens and drain liquidity pools, onchain security firms said.

Blockchain sleuth PeckShield traced the breach to address "0xF321…662e," which held sweeping privileges on the Solana-based platform. The attacker leveraged the BRIDGE role to mint fake acUSDC (Sonic USDC) and borrow against it, then bridged assets from the Sonic network to Ethereum before scattering the proceeds across fresh wallets. Web3 Security firm CertiK confirmed the exploit and published three Ethereum addresses that still hold the stolen funds, noting none have yet interacted with exchanges.

Credix acknowledged the security breach on X, disabled its website to prevent users from depositing, and told users to withdraw directly from contracts. In a third post , the team said "all users' funds will be recovered in full within 24–48 hours," without specifying whether recovery will come from treasury reserves, outside capital, or negotiations with the attacker.

The incident adds to a series of access issues plaguing DeFi in 2025. TRM Labs reports that $2.1 billion was stolen in crypto hacks in the first half of 2025, with DeFi protocol exploits accounting for roughly 12% of losses, or approximately $252 million.

Credix is an onchain credit marketplace that connects investors with fintechs and non-bank lenders, primarily in emerging markets, to provide tokenized debt financing. The team, based in Belgium, has raised $73.7 million across four funding rounds.