Decentralised finance protocol CrediX has recovered $4.5 million in stolen digital assets following a private negotiation with the exploiter, offering a rare positive turn in what has otherwise been a devastating year for crypto security. The breach, which occurred earlier this week, saw the funds illicitly transferred to the Ethereum blockchain via a wallet funded through Tornado Cash, a crypto mixer often linked to obfuscating illicit funds.
Blockchain security firm Cyvers first identified the exploit, noting suspicious activity shortly after the breach. CrediX later confirmed the incident, stating that they had successfully “reached a parley with the exploiter”, who agreed to return the stolen assets within 24 to 48 hours.
The catch? An undisclosed payment was made to the attacker from the CrediX treasury, highlighting the growing trend of settlements being used to recover funds in the face of increasing cyberattacks.
Refunds Promised Within 48 Hours
CrediX has assured its community that all affected users will receive their refunded assets via airdrop within 48 hours. This timely recovery sets a hopeful precedent in a year that has seen crippling losses from similar attacks across the DeFi landscape.

The protocol did not clarify whether the payment to the attacker would be classified as a white hat bounty, and Cointelegraph has reportedly reached out to CrediX for more details regarding the negotiation and the settlement’s legal and ethical framing.
Though unconventional, such deals are becoming more common as protocols seek to limit long-term damage, reputational loss, and user attrition.
2025: A Record Year for Crypto Exploits
The CrediX case adds to an already grim tally. According to CertiK, the first half of 2025 has seen over $2.47 billion lost to hacks, exploits, and scams. Q2 alone accounted for over $800 million in losses across 144 reported incidents, though this marked a 52% decrease from Q1.
Among the notable recent exploits:
- GMX Protocol recovered $40 million in July 2025 after offering a $5 million white hat bounty to the exploiter.
- In May 2024, a wallet poisoning scam saw $71 million returned under pressure from blockchain forensic firms, with suspicions pointing toward a Hong Kong-based attacker.
According to security firm Immunefi, nearly 80% of cryptocurrencies fail to recover their market value after an exploit, even if the stolen funds are returned. The psychological and economic blow to user confidence often results in prolonged devaluation, making prevention far more effective than post-hack restitution.
Traditional Finance Also Under Attack
While DeFi continues to dominate headlines for major hacks, traditional financial infrastructure has also been in the crosshairs of cybercriminals. On July 5, C&M Software, which facilitates connections between Brazil’s Central Bank and local financial institutions, suffered a breach that saw $140 million siphoned across six banks.
The incident reportedly stemmed from a C&M employee selling login credentials to the attacker for approximately $2,700, showcasing how insider threats continue to plague even centralised systems.
Negotiated Returns: A Double-Edged Sword
As blockchain forensics improve and anonymity wanes, more hackers appear to be settling rather than fleeing. While these negotiations offer a path to fund recovery, they also blur ethical boundaries, possibly incentivising future exploits in hopes of a hefty payout.
With cybercrime evolving rapidly and the crypto industry still grappling with regulatory gaps, incidents like the CrediX breach underscore the urgent need for robust security protocols, real-time threat detection, and cross-border cooperation to deter attackers.