CrediX Exploited: $60M DeFi Lender Drained on Solana
Solana-Based DeFi Lender CrediX Exploited
CrediX, a decentralized finance (DeFi) platform on Solana focused on tokenizing private credit, confirmed a security breach on Monday. The incident led to a significant drain of liquidity from its lending pool.
Key Takeaways:
- CrediX suffered an exploit after an attacker gained unauthorized multisig admin and bridge controller roles.
- The attacker subsequently drained the protocol’s liquidity pool.
- CrediX has temporarily disabled its website as a precautionary measure.
According to blockchain security firm SlowMist, the attacker was added as both an Admin and Bridge via the ACLManager six days prior to the exploit. This critical change in permissions allowed the attacker to mint collateral tokens directly from the lending pool.
By assuming the Bridge role, the attacker illegitimately minted tokens and then used them to borrow a substantial amount of assets, effectively emptying the protocol’s liquidity.
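The sequence SlowMist describes (an account granted Admin and Bridge roles, then minting days later) can be caught by monitoring privileged role grants. The Python below is an added example, not code from CrediX or SlowMist; the decoded event schema, account names, allowlist and timestamps are all constructed assumptions.

```python
from datetime import datetime

PRIVILEGED_ROLES = {"ADMIN", "BRIDGE"}                 # roles named in the report
APPROVED = {"governance-multisig", "bridge-adapter"}   # constructed allowlist

# Constructed events in a hypothetical, already-decoded schema (not a real log format).
EVENTS = [
    {"ts": "2000-01-01T09:00:00", "kind": "role_granted", "role": "ADMIN", "account": "governance-multisig"},
    {"ts": "2000-01-02T09:00:00", "kind": "role_granted", "role": "BRIDGE", "account": "bridge-adapter"},
    {"ts": "2000-01-03T03:10:00", "kind": "role_granted", "role": "ADMIN", "account": "unknown-account-1"},
    {"ts": "2000-01-03T03:11:00", "kind": "role_granted", "role": "BRIDGE", "account": "unknown-account-1"},
    {"ts": "2000-01-04T12:00:00", "kind": "mint", "account": "bridge-adapter"},
    {"ts": "2000-01-09T04:00:00", "kind": "mint", "account": "unknown-account-1"},
]

def review(events, approved=APPROVED):
    """Return alerts for unapproved privileged grants, role stacking and first use."""
    alerts = []
    held = {}      # account -> privileged roles currently held
    flagged = {}   # unapproved account -> time of its first privileged grant
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, acct = datetime.fromisoformat(ev["ts"]), ev["account"]
        if ev["kind"] == "role_granted" and ev["role"] in PRIVILEGED_ROLES:
            roles = held.setdefault(acct, set())
            roles.add(ev["role"])
            if acct not in approved:
                flagged.setdefault(acct, ts)
                alerts.append(("unapproved_grant", acct, ev["role"]))
            if len(roles) > 1:
                # One account holding both roles removes separation of duties.
                alerts.append(("role_stacking", acct, "+".join(sorted(roles))))
        elif ev["kind"] == "role_revoked":
            held.get(acct, set()).discard(ev["role"])
        elif ev["kind"] == "mint" and acct in flagged:
            # Dwell time between the suspicious grant and its first use.
            dwell = (ts - flagged[acct]).days
            alerts.append(("mint_by_flagged_account", acct, f"{dwell}d after grant"))
    return alerts

if __name__ == "__main__":
    for alert in review(EVENTS):
        print(alert)
```

In this constructed data the grant alerts fire six days before the mint, which is the window in which a revocation or pause would have had to happen.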
CrediX has initiated an investigation into the exploit. As a preventative measure, the platform's website is currently offline to halt new deposits. The team has assured users that funds remain safe and can be accessed directly through the smart contracts, with a full recovery expected within 24 to 48 hours.
Prior to the incident, CrediX had secured $60 million in credit financing to support small and medium-sized enterprises (SMEs) in Latin America, partnering with a U.S.-based alternative investment management firm managing a $3 billion portfolio.