$3M Allegedly Stolen as CrossCurve Crypto Bridge Falls Victim to Exploit
The CrossCurve crypto bridge has issued an urgent warning for users to halt all protocol interactions as the platform investigates a security vulnerability in its smart contract infrastructure.
The CrossCurve crypto platform announced that its cross-chain bridge infrastructure has fallen victim to an attack, with emerging reports indicating approximately $3 million has been drained from multiple blockchain networks.
In a late Sunday announcement on X, CrossCurve disclosed that its bridge infrastructure was "under attack, involving the exploitation of a vulnerability in one of the smart contracts used."
The platform urged users to "pause all interactions with CrossCurve while the investigation is ongoing," it added.
According to Defimon Alerts, a blockchain security-focused account on X, the CrossCurve platform suffered losses of approximately $3 million "on several networks."
The security account explained that a vulnerability in one of CrossCurve's smart contracts enabled any user to create a spoofed message that could circumvent validation processes and release tokens.
"Anyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2," Defimon Alerts said.
In response to the incident, Curve Finance, which maintains a partnership with CrossCurve, announced on X that participants who have allocated funds to CrossCurve pools "may wish to review their positions and consider removing those votes."
The platform emphasized that "We continue to encourage all participants to remain vigilant and make risk-aware decisions when interacting with third-party projects," it added.
This is a developing story, and further information will be added as it becomes available.