A new player in the DeFi lending market was targeted and exploited, resulting in the loss of millions of dollars. This is just one more incident in a year that has already seen significant losses in the cryptocurrency space. Another day, another loss. On-chain security and data analytics company Peckshield announced today that the money market aggregator CrediX was attacked, resulting in approximately $4.5 million in losses. According to Peckshield, the attack was carried out using an admin wallet with various roles, including POOL_ADMIN, BRIDGE, ASSET_LISTING_ADMIN, EMERGENCY_ADMIN, and RISK_ADMIN, which allowed the attacker to control and manage the protocol’s funds. The BRIDGE role was used to drain funds, including acUSDC tokens, which are a wrapped version of the USDC stablecoin. The funds were then transferred through various protocols and bridges, including deBridge Finance, Fly (formerly MagPie), Shadow Exchange, and others. CrediX, which launched at the beginning of last month, offers a range of yield strategies, lending options, rewards for participation, and liquidity. The company has acknowledged the breach and promised to return user funds in full within 24 to 48 hours. Unfortunately, this is just another example of the harsh reality of the cryptocurrency world. We are now in the second half of 2025, and it’s safe to say that it has been a turbulent ride. In the first six months of the year, over $3 billion has been lost to hacks and exploits, which is $1 billion more than the total losses in 2024. According to a report by blockchain security audit firm Hacken, access-control exploits have been the most common, accounting for 59% of total losses, followed by smart-contract vulnerabilities at 8%. The rise of DeFi and the use of advanced technologies like AI have made it crucial for institutions and companies to protect their assets and clients. Some of the attacks have been linked to politically motivated groups, while others can be attributed to insider information, cybersecurity vulnerabilities, or human error. Regardless of the source, it’s clear that these attacks are not slowing down, and it’s essential for companies to take necessary precautions to prevent or minimize losses caused by malicious actors.
Source:Read More