Blockchain security firms SlowMist and PeckShield said on 4 August that decentralised-finance lender CrediX was drained after a hacker gained broad administrative privileges through the project’s multisignature wallet. A transaction executed six days earlier quietly added the attacker’s address as both an admin and a bridge operator, giving the account authority to mint collateral and move funds out of the protocol. On Thursday the attacker used the elevated “BRIDGE” role to borrow or withdraw the remaining assets from CrediX’s liquidity pools, according to on-chain data cited by PeckShield. The platform disabled its website and halted new deposits while investigators assess the damage. CrediX has not released an official loss estimate, but industry analysts warn that the exploit could threaten a US$60 million credit facility the Singapore-based project secured in 2023. Security teams are tracking the attacker’s addresses and advising users to revoke any outstanding approvals linked to the protocol.