- The attacker obtained administrator access six days before the attack.
- After minting a fake collateral token, he borrowed $26 million.
- Hacken calls for real-time AI monitoring for DeFi wallet security.
The decentralized finance (DeFi) sector has once again been shaken by a major exploit.
The project is said to have lost $4.5 million in an attack attributed to a personal compromise and governance access.
The attacker bridged the funds across networks, used administrative access, and drained the Credix pool using minted tokens.
The incident adds to the multisig wallet security failures that have dominated 2025, which have led to $3.1 billion in cryptocurrency losses so far this year.
Platform taken offline as funds move from Sonic to Ethereum
Credix later took its website offline to prevent additional deposits.
CertiK, a blockchain security company, confirmed that the stolen funds were transferred from the Sonic network to Ethereum.
Web3 security platform Cyvers Alerts flagged several suspicious transactions on Sonic and, on Ethereum, traced an address that was funded through Tornado Cash.
The address was funded on Sonic and cost Credix about $26 million.
These funds were likely extracted using collateral tokens that the attacker minted after obtaining backdoor access.
Administrator access and bridge rights made the token-minting exploit possible
According to SlowMist, an on-chain security provider, the attacker was added as an admin and bridge in the Credix multisig wallet six days before the attack.
This role was assigned using ACLManager in the protocol.
With bridge-level access, the attacker was able to mint collateral tokens through the Credix pool, then use them to borrow assets and ultimately drain the protocol.
This type of abuse underlines the significant risks associated with decentralized governance models, especially role-based access control.
Inadequate oversight of role assignments, especially in multisig environments, leaves DeFi protocols exposed to internal or external compromise.
Most 2025 crypto losses linked to multisig wallets
The Credix case is part of a widespread trend this year.
According to a report by security company Hacken, $3.1 billion in crypto was lost in the first half of 2025, and in most cases the losses were related to multisig wallets.
These wallets were often breached through social engineering tactics, fake interfaces or incorrect signatures.
The biggest known attack this year remains a $14.6 billion theft in which the attacker used a spoofed interface to deceive the multisig signers.
Hacken says real-time threat detection is a priority
As the frequency of such incidents increases, Hacken recommends moving away from the traditional one-time security audit.
Instead, the company advocates real-time, AI-based security systems that monitor multisig wallets and immediately flag abnormal behavior.
According to Hacken, more than 80% of this year's crypto losses stem from access control failures.
The company urges platforms to apply stricter signer practices, implement stronger rules-based automation, and treat interfaces and signers as essential to system security.
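The role abuse described above (a privileged role granted days before collateral tokens were minted) and Hacken's call for rule-based monitoring can be expressed as a small detection rule. This is an added example, not code from Credix, SlowMist or Hacken; the event shapes follow OpenZeppelin-style `RoleGranted`/`RoleRevoked` logs, and the role labels, addresses, timeline and 30-day watch window are constructed assumptions.

```python
from datetime import datetime, timedelta

PRIVILEGED = {"POOL_ADMIN", "BRIDGE"}  # hypothetical role labels
WATCH = timedelta(days=30)             # assumed: how long a new grant counts as "fresh"

def review_events(events, approved):
    """Alert on privileged role grants outside the approved roster, and on
    mints by a bridge account that is unapproved or only recently granted."""
    holders = {}  # (role, account) -> time the role was granted
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        kind = ev["type"]
        if kind == "RoleGranted" and ev["role"] in PRIVILEGED:
            holders[(ev["role"], ev["account"])] = ev["time"]
            if ev["account"] not in approved.get(ev["role"], set()):
                alerts.append(("unapproved_grant", ev["role"], ev["account"], ev["time"]))
        elif kind == "RoleRevoked":
            holders.pop((ev["role"], ev["account"]), None)
        elif kind == "Mint":
            granted = holders.get(("BRIDGE", ev["caller"]))
            if granted is None:
                continue  # caller holds no tracked bridge role; not covered by this rule
            unapproved = ev["caller"] not in approved.get("BRIDGE", set())
            fresh = ev["time"] - granted <= WATCH
            if unapproved or fresh:
                alerts.append(("mint_by_watched_bridge", "BRIDGE", ev["caller"], ev["time"]))
    return alerts

# Constructed sample data: one long-standing approved bridge, one new grantee.
T = datetime(2025, 1, 1)
OLD, NEW = "0xApprovedBridge", "0xNewGrantee"
SAMPLE = [
    {"time": T, "type": "RoleGranted", "role": "BRIDGE", "account": OLD},
    {"time": T + timedelta(days=60), "type": "Mint", "caller": OLD, "amount": 1_000},
    {"time": T + timedelta(days=90), "type": "RoleGranted", "role": "POOL_ADMIN", "account": NEW},
    {"time": T + timedelta(days=90), "type": "RoleGranted", "role": "BRIDGE", "account": NEW},
    {"time": T + timedelta(days=96), "type": "Mint", "caller": NEW, "amount": 500_000},
]
APPROVED = {"BRIDGE": {OLD}, "POOL_ADMIN": set()}

if __name__ == "__main__":
    for alert in review_events(SAMPLE, APPROVED):
        print(alert)
```

The two grant alerts fire six days before the mint in this constructed timeline, which is the window in which a roster check would have given operators time to revoke the roles.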
Meanwhile, Credix aimed to recover the stolen funds within 24-48 hours, but no further details are available for now.