CrossCurve Bridge Hacked, How $3M Lost in Cross-Chain Attack
0
0
This article was first published on The Bit Journal. Cross-chain crypto protocol CrossCurve has confirmed that its bridge infrastructure was compromised in a smart contract attack, with the CrossCurve exploit resulting in losses estimated at roughly $3 million across several blockchain networks. The incident, which was revealed late on Sunday, underscores endemic security vulnerabilities in cross-chain systems, which is among the most common attack types in the field of decentralized finance.
CrossCurve Exploit Linked to Messaging Vulnerability
In an announcement posted to X, CrossCurve wrote that its bridge was under attack by hackers who had used a vulnerability in one of the smart contracts that perform cross-chain messaging. The protocol itself recommended users to cease all communications as the group researches and makes an effort to contain the CrossCurve exploit.
Later on, analysis by blockchain security companies found that the attacker could bypass the important validation checks in the bridge architecture. Defimon Alerts, a service provided by Decurity, claimed that the CrossCurve exploit was the result of a vulnerability that enabled cross-chain messages to be spoofed so that unauthorized unlocks of tokens could be made.
⚠️ URGENT Security Notice
Dear users,
Our bridge is currently under attack, involving the exploitation of a vulnerability in one of the smart contracts used.
Please pause all interactions with CrossCurve while the investigation is ongoing.
We appreciate your patience and… pic.twitter.com/yfo1KvWoDd
— CrossCurve (@crosscurvefi) February 1, 2026
CrossCurve Exploit Caused Multichain Asset Losses
Investigators reported that the vulnerability lay in a smart contract related to a CrossCurve receiver system based on Axelar. The attacker supposedly invoked expressExecute function in the ReceiverAxelar contract with a forged message bypassing gateway checks. This caused the PortalV2 contract to issue assets without adequate support, and the money was pumped out of the various chains during the CrossCurve exploit.
Defimon Alerts approximated the total value of assets lost in CrossCurve exploit to be about 3 million dollars but this number may vary, as on-chain forensics is ongoing. CrossCurve has not yet released a comprehensive list of the tokens or networks that were impacted.
CrossCurve @crosscurvefi (ex https://t.co/4HJ33uOZUS) has been exploited for around 3 million on several networks.
Anyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2.… pic.twitter.com/EfYe3Tfo9v
— Defimon Alerts (@DefimonAlerts) February 1, 2026
CrossCurve Offers Bounty to Recover Funds
CrossCurve CEO Boris Povar publicly posted 10 wallet addresses suspected of being connected to the CrossCurve exploit in an attempt to recover the stolen money. He provided a bounty of up to 10 percent of the recovered funds in case of the assets being returned within 72 hours, which he described as a possible white hat solution.
Povar further stated that, failing to receive any form of communication within the timeframe will cause the protocol to consider the CrossCurve exploit malicious and seek legal action, such as with law enforcement, legal action, and liaising with other crypto projects to freeze funds when feasible.
In light of the recent security incident involving https://t.co/3Wv3pEhCu8 (== CrossCurve):
Users who have allocated votes to Eywa-related pools may wish to review their positions and consider removing those votes. We continue to encourage all participants to remain vigilant and… https://t.co/chd5YBOXhr
— Curve Finance (@CurveFinance) February 1, 2026
Curve Finance Issues Warning After Exploit
CrossCurve exploit was also followed by a word of caution issued by Curve Finance, which has worked with CrossCurve. The Curve team encouraged users who had placed bets on CrossCurve pools to review their bets and risk awareness in dealing with third-party protocols is essential.
Cross-chain bridges have always been one of the most exploited items of the crypto ecosystem. During the last few years, vulnerabilities in message verification and validation logic have cost billions of dollars; some of the notable examples are the Ronin Bridge hack, the Wormhole exploit, and the Nomad bridge collapse. The CrossCurve exploit has a common theme where the reason behind massive asset losses is due to a small validation error.
Security Researchers Warn About Advanced Threats
Security researchers caution that the greater threat environment is getting more advanced. More recently, in another discovery, the cybersecurity company ReversingLabs found malware embedded in Ethereum smart contracts, and distributed as forged Node Package Manager (NPM) JavaScript packages.
Malicious commands were also extracted via the technique through on-chain data, which could be used by attackers bypassing the standard security checks, which has evolved in this manner similar to these tactics observed in CrossCurve exploit.
CrossCurve Exploit Warns Users About DeFi
The CrossCurve exploit is another warning to users of the dangers in dealing with DeFi protocols. Researchers still recommend that people should be cautious, stay off untested or recently opened bridges, never sign contracts blind, keep hardware wallets, and have multiple platforms.
Although the CrossCurve exploit is still being investigated, the event reinforces a persistent truth in decentralized finance that innovation can always stay ahead of security, and that users are left as the last line of defense.
Conclusion
The CrossCurve exploit serves as a stark reminder of the persistent risks in DeFi, particularly with cross-chain bridges. With the rate of innovation being higher than security, users need to be more aware, access audited platforms, hardware wallets, and practice carefully, and current investigations seek to restore stolen resources and ensure future security.
Follow us on Twitter and LinkedIn, and join our Telegram channel to be instantly informed about breaking news!
Summary
- CrossCurve’s cross-chain bridge was exploited, causing roughly $3 million in losses across multiple networks.
- Attackers bypassed validation checks using forged cross-chain messages to unlock unbacked tokens.
- The protocol provided a 10 percent white hat bounty and threatened to take legal action in case of non-payment of money.
- The attack points out to the long term security vulnerability of cross-chain DeFi bridges.
Glossary of Key Terms
CrossCurve Exploit: Security breach causing ~$3M loss via smart contract flaw.
ReceiverAxelar: CrossCurve contract that receives and validates messages.
expressExecute Function: Contract function exploited to unlock tokens fraudulently.
PortalV2 Contract: Contract issuing assets across chains, used in exploit.
White Hat Bounty: Reward for returning stolen assets ethically.
Defimon Alerts: Blockchain monitoring service reporting the exploit.
Curve Finance: DeFi protocol that issued warnings after the exploit.
Validation Checks: Security steps to confirm transactions or messages.
Frequently Asked Questions about CrossCurve Exploit
1. What happened in the CrossCurve exploit?
CrossCurve’s bridge was hacked, causing an estimated $3M loss by exploiting smart contract vulnerabilities.
2. How was it done?
Attackers spoofed cross-chain messages and triggered token unlocks via the ReceiverAxelar and PortalV2 contracts.
3. What is CrossCurve doing?
CEO offered a white hat bounty of 10% for returned funds; legal action may follow.
4. How can users stay safe?
Use audited bridges, hardware wallets, avoid blind contracts, and diversify assets.
References
Read More: CrossCurve Bridge Hacked, How $3M Lost in Cross-Chain Attack">CrossCurve Bridge Hacked, How $3M Lost in Cross-Chain Attack
0
0
Manage all your crypto, NFT and DeFi from one placeSecurely connect the portfolio you’re using to start.