Credix Finance Mint Exploit
A flaw in Credix Finance's credit-token minting logic on BNB Chain let an attacker mint and redeem against fabricated positions, draining $4.5M from the pool.
- Date
- Victim
- Credix Finance
- Chain(s)
- Status
- Funds Stolen
On August 6, 2025, the BNB Chain credit/lending protocol Credix Finance lost approximately $4.5 million through a flaw in its credit-token minting and collateral accounting. The attacker fabricated collateral positions, minted credit tokens against them, and redeemed for the pool's real assets.
What happened
Credix's mint/collateral logic failed to fully validate the backing of minted credit tokens, allowing the attacker to mint against positions that didn't represent real value and then withdraw the pool's USDT/BUSD (~$4.5M).
Aftermath
- Protocol paused; minimal recovery.
Why it matters
Credix is another mint-against-unvalidated-collateral case — structurally the same as Cashio, Qubit, and Resupply. The single most repeated lending/stablecoin failure in the catalogue reduces to one sentence: every unit of minted/borrowed value must be provably backed by validated collateral, checked at mint time, with no path that credits unbacked positions. Credix is a 2025 BSC restatement of a lesson the catalogue has recorded, in dozens of forms, since 2020.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-credix-finance-hack-august-2025
- [02]coindesk.comhttps://www.coindesk.com/business/2025/08/04/defi-protocol-credix-taken-offline-after-usd4-5m-exploit
- [03]rekt.newshttps://rekt.news/credix-rekt