Solana-based DeFi lender CrediX exploited; attacker granted admin access and drained liquidity pool

Key Takeaways

• CrediX suffered an exploit after an attacker gained multisig admin and bridge controller roles, draining the protocol's pool.
• The incident forced CrediX to disable its website.

Share this article

CrediX, a Solana-based decentralized finance (DeFi) platform that tokenizes private credit, was exploited on Monday, according to a statement released the same day.

Blockchain security firm SlowMist, which first flagged the incident, reported that CrediX was exploited after a malicious actor was added as both an Admin and a Bridge via the ACLManager six days before the attack.

The permissions change enabled the attacker to assume the Bridge role and mint collateral tokens directly from the lending pool. Using these illegitimately minted tokens, the attacker borrowed a large amount of assets, effectively draining the protocol’s liquidity.

CrediX announced that an investigation is ongoing and, as a precautionary measure, its website has been temporarily disabled to prevent any new user deposits.

The team assured users that all funds are safe and can still be accessed directly through smart contracts.

According to the statement, full recovery of user funds is expected within 24 to 48 hours.

CrediX previously secured $60 million in credit financing to support small and medium-sized enterprises (SMEs) in Latin America through priority debt financing, collaborating with a US alternative investment management firm with a $3 billion portfolio.

Share this article