{ "id": 61047, "date": "2026-02-02T09:22:40", "date_gmt": "2026-02-02T02:22:40", "guid": { "rendered": "https:\/\/hbbgroup.net\/crypto-protocol-crosscurve-under-attack-3m-reportedly-exploited\/" }, "modified": "2026-02-02T09:22:40", "modified_gmt": "2026-02-02T02:22:40", "slug": "crypto-protocol-crosscurve-under-attack-3m-reportedly-exploited", "status": "publish", "type": "post", "link": "https:\/\/hbbgroup.net\/en_us\/crypto-protocol-crosscurve-under-attack-3m-reportedly-exploited\/", "title": { "rendered": "Crypto protocol CrossCurve under attack, $3M reportedly exploited" }, "content": { "rendered": "
\n

Update (Feb. 2, 12:20 am UTC): This article has been updated to add a post by CrossCurve CEO Boris Povar.<\/p>\n

Crypto protocol CrossCurve said its cross-chain bridge has been attacked, with $3 million reportedly stolen across multiple networks.<\/p>\n

CrossCurve posted<\/a> to X late on Sunday that its bridge was \u201cunder attack, involving the exploitation of a vulnerability in one of the smart contracts used.\u201d<\/p>\n

\u201cPlease pause all interactions with CrossCurve while the investigation is ongoing,\u201d it added.<\/p>\n

Defimon Alerts, an X account linked to the blockchain security company Decurity, reported<\/a> that CrossCurve was exploited for around $3 million \u201con several networks.\u201d<\/p>\n

It added that one of CrossCurve\u2019s smart contracts<\/a> allowed anyone to spoof a message to bypass validation and unlock tokens.<\/p>\n

\u201cAnyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2,\u201d Defimon Alerts said.<\/p>\n

\"Smart
Source: <\/em>Defimon Alerts<\/em><\/a><\/figcaption><\/figure>\n

Curve Finance, which has partnered with CrossCurve, posted<\/a> on X that users who allocated to CrossCurve pools \u201cmay wish to review their positions and consider removing those votes.\u201d<\/p>\n

Source: <\/em>Curve Finance<\/em><\/a><\/figcaption><\/figure>\n

\u201cWe continue to encourage all participants to remain vigilant and make risk-aware decisions when interacting with third-party projects,\u201d it added.<\/p>\n

CrossCurve offers 10% bounty if funds returned in 72 hours<\/h2>\n

In an attempt to contact the attacker, CrossCurve CEO Boris Povar shared<\/a> 10 addresses he said had received tokens from the exploit and offered a reward<\/a> for their return within 72 hours.<\/p>\n

\u201cThese tokens were wrongfully taken from users due to a smart contract exploit. We do not believe this was intentional on your part, and there is no indication of malicious intent,\u201d he said. \u201cWe hope for your cooperation in returning the funds.\u201d<\/p>\n

Povar offered up<\/a> to a 10% bounty if the funds were returned within 72 hours of the attack.<\/p>\n

Related: <\/strong><\/em>Step Finance treasury wallets breached, $27M in SOL drained as STEP crashes 90%<\/strong><\/em><\/a><\/p>\n

\u201cIf the funds are not returned or no contact is established within 72 hours, we will have to assume there is malicious intent and treat this as a judicial matter,\u201d he added.<\/p>\n

Povar said CrossCurve was prepared to work with law enforcement, file civil lawsuits to recover damages, and coordinate with authorities and other crypto projects to freeze assets if the funds were not returned.<\/p>\n

Magazine: <\/strong><\/em>Meet the onchain crypto detectives fighting crime better than the cops<\/strong><\/em><\/a><\/p>\n