CrossCurve Bridge Under Attack; $3M Exploited Across Networks

CrossCurve reported late on Sunday that its cross-chain bridge was under attack following the exploitation of a smart contract vulnerability, and advised users to halt all interactions with the protocol while an investigation is underway. The blockchain security-focused X account Defimon Alerts estimated that about $3 million was stolen across multiple networks.

In its X post, CrossCurve said the incident involved “the exploitation of a vulnerability in one of the smart contracts used” and asked users to pause activity until further notice.

Defimon Alerts said one of CrossCurve’s contracts allowed messages to be spoofed to bypass validation and unlock tokens. “Anyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2,” the account wrote.

Source: Defimon Alerts

Curve Finance, which has a partnership with CrossCurve, posted on X that users who allocated to CrossCurve pools “may wish to review their positions and consider removing those votes.” It added that participants should remain vigilant and make risk-aware decisions when interacting with third-party projects.

This is a developing story. Additional details will be provided as they become available.

Stay informed, read the latest news right now!

Disclaimer

The content on TrustsCrypto.com is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency markets are highly volatile, always do your own research before making decisions.

Some content may be assisted by AI and reviewed by our editorial team, but accuracy is not guaranteed. TrustsCrypto.com is not responsible for any losses resulting from the use of information provided.