CrossCurve Exploited for $3M in Smart Contract Breach

Edgen Crypto

·Feb 01 2026, 23:05

Share to

Share to

Copy link

Key Takeaways

Crypto bridge protocol CrossCurve has been exploited for approximately $3 million after an attacker leveraged a critical smart contract vulnerability. The protocol has instructed users to halt all interactions while it investigates the breach, and its partner, Curve Finance, has issued a risk advisory to its own users.

$3 Million Lost: Attackers drained funds across multiple networks by targeting a flaw in one of the protocol's core smart contracts.
Critical Vulnerability: The exploit allowed anyone to spoof a cross-chain message to bypass validation safeguards and illegitimately unlock tokens.
Partner Advisory: Curve Finance, a key partner, urged users allocated to CrossCurve pools to review their positions, signaling potential contagion risk for connected protocols.

Smart Contract Flaw Drains $3M from CrossCurve

Late on Sunday, crypto bridge protocol CrossCurve confirmed it was under attack, with security analysts reporting approximately $3 million stolen across several networks. The team disclosed that the incident involved the exploitation of a vulnerability in one of its smart contracts. In response, CrossCurve issued an immediate directive to its users, stating, “Please pause all interactions with CrossCurve while the investigation is ongoing,” to prevent further losses.

Exploit Bypassed Key Validation Safeguards

According to analysis from the blockchain security account Defimon Alerts, the attacker leveraged a fundamental design flaw that compromised the protocol's security checks. The vulnerability allowed anyone to call the expressExecute function on the ReceiverAxelar contract using a spoofed cross-chain message. This action bypassed gateway validation and triggered an unauthorized token unlock. The breach prompted a response from partner protocol Curve Finance, which advised its users in CrossCurve pools to “review their positions and consider removing those votes,” highlighting the interconnected risks within the DeFi ecosystem.