Decentralized finance platform CrediX suffered a $4.5 million exploit after an attacker gained control of a multisig admin account with multiple high-level roles, including POOL_ADMIN, BRIDGE, ASSET_LISTING_ADMIN, EMERGENCY_ADMIN, and RISK_ADMIN. The attacker was added as both an Admin and Bridge controller six days prior to the exploit, enabling them to mint unbacked stablecoins (acUSDC tokens) and drain liquidity by borrowing against phantom collateral. The breach led to the platform being taken offline shortly after its launch less than a month ago. CrediX had previously secured a $60 million credit line in 2023. Following the hack, the exploiter agreed to return the stolen funds, with CrediX planning to airdrop the recovered assets to users without pursuing legal action, relying instead on a payout from the treasury. The exact smart contract exploit vector remains undisclosed. This incident highlights ongoing security challenges in the DeFi sector.