CrediX Recovers $4.5M in Crypto Hack Through Negotiation Deal

Summary

CrediX, a decentralized finance (DeFi) protocol, recently recovered $4.5 million in stolen cryptocurrency after reaching a private settlement with the hacker responsible for the exploit. The breach occurred when attackers gained unauthorized access to CrediX’s multisig admin and bridge wallets, allowing them to mint collateral tokens, borrow against the protocol, and drain its liquidity. The stolen funds were then moved to the Ethereum network using a Tornado Cash-funded wallet. In exchange for returning the assets, the hacker received an undisclosed payment from CrediX’s treasury, and the protocol announced plans to refund affected users within 48 hours (Cointelegraph) (CryptoNews).

This incident highlights a growing trend in the crypto industry where hackers, after exploiting vulnerabilities, are increasingly willing to negotiate and return stolen funds in exchange for bounties or settlements. For example, in July 2025, another attacker returned $40 million to the GMX protocol after being offered a $5 million white hat bounty. These negotiated recoveries are seen as practical solutions that can quickly resolve incidents and minimize losses for users, contrasting with the more traditional approach of pursuing legal action or relying solely on blockchain analysis to track down perpetrators (CryptoNews).

Despite these successful recoveries, the frequency and scale of crypto hacks remain a significant concern. In the first half of 2025 alone, over $2.47 billion was lost to hacks, scams, and exploits, according to security firm CertiK. Nearly 80% of affected cryptocurrencies never recover their value after such incidents, underscoring the need for stronger security measures in the DeFi space. While the willingness of some hackers to return funds is a positive development, the industry must continue to prioritize robust security practices to protect users and prevent future breaches (CertiK).