Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    CLARITY Act 5 Fights Still Unresolved Before the Merged Draft Drops
    CLARITY Act: 5 Fights Still Unresolved Before the Merged Draft Drops
    Strategy's Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet_
    Strategy’s Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Market News

CrossCurve Suffers $3M Loss in Cross-Chain Smart Contract Breach

Defimon Alerts says attackers spoofed cross-chain messages, bypassed validation, and unlocked tokens via Axelar-linked contracts, draining funds.

Written By Ronak Kumar
Fact Checked by Gopal Solanky
Published 2026-02-02
Make The Crypto Times preferred on GoogleGoogle
Share
CrossCurve Suffers $3M Loss in Cross-Chain Smart Contract Breach

Key Highlights

  • CrossCurve’s cross-chain bridge exploit drained about $3 million after attackers bypassed smart contract validation.
  • The protocol paused operations and offered a 10% bounty for fund recovery within 72 hours, while Curve warned users to review exposure.
  • The incident highlights ongoing security risks in cross-chain bridges, a major source of repeated crypto losses.

Cross-chain crypto protocol CrossCurve has confirmed that its bridge was exploited in a smart contract attack, resulting in the loss of approximately $3 million across multiple blockchain networks. 

The incident, disclosed late Sunday, once again underscores the persistent security risks surrounding cross-chain bridges, one of the most vulnerable components in decentralized finance (DeFi).

CrossCurve announced on X that its bridge was “under attack,” citing the exploitation of a vulnerability in one of the smart contracts used for cross-chain operations. The protocol immediately urged users to suspend all interactions as the team works on the breach. 

⚠️ URGENT Security Notice

Dear users,

Our bridge is currently under attack, involving the exploitation of a vulnerability in one of the smart contracts used.

Please pause all interactions with CrossCurve while the investigation is ongoing.

We appreciate your patience and… pic.twitter.com/yfo1KvWoDd

— CrossCurve (@crosscurvefi) February 1, 2026

Blockchain security analysts later confirmed that the exploit allowed attackers to bypass critical validation checks and unlock tokens without proper authorization. 

What happened and how the attack worked

According to Defimon Alerts, shared by blockchain security company Decurity, the attacker used a vulnerability that enabled anybody to spoof a cross-chain message. 

The vulnerability existed in a smart contract linked to CrossCurve’s Axelar-based receiver system. The attacker reportedly called a function called expressExecute on the ReceiverAxelar contract with a forged message.

This bypassed gateway validation and triggered token unlocks on the PortalV2 contract. As a result, assets were released without backing, allowing the attacker to drain funds across several networks.

Defimon Alerts estimated total losses at around $3 million, though the final figure may change as investigations continue. At the time of writing, CrossCurve has not released a complete breakdown of affected assets or chains.

CrossCurve @crosscurvefi (ex https://t.co/4HJ33uOZUS) has been exploited for around 3 million on several networks.

Anyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2.… pic.twitter.com/EfYe3Tfo9v

— Defimon Alerts (@DefimonAlerts) February 1, 2026

Response from CrossCurve and Curve Finance

In an effort to recover the stolen funds, CrossCurve CEO Boris Povar publicly shared 10 wallet addresses believed to have received assets from the exploit. He offered a bounty of up to 10% if the funds are returned within 72 hours, a practice commonly referred to as a “white hat” reward.

According to Povar, in case of no contact within the given time frame, CrossCurve will consider the incident as malicious and seek legal alternatives. These include working with law enforcement, filing civil lawsuits, and coordinating with other crypto projects to freeze funds where possible.

Curve Finance that has collaborated with CrossCurve also released a statement that urged users who had invested their votes in CrossCurve pools to reevaluate their hold. The Curve team insisted on the need to be risk-conscious in making decisions when dealing with third-party protocols.

In light of the recent security incident involving https://t.co/3Wv3pEhCu8 (== CrossCurve):

Users who have allocated votes to Eywa-related pools may wish to review their positions and consider removing those votes. We continue to encourage all participants to remain vigilant and… https://t.co/chd5YBOXhr

— Curve Finance (@CurveFinance) February 1, 2026

Why this matters for the crypto industry

Cross-chain bridges have long been a major attack surface in crypto. Over the past few years, bridge exploits have accounted for billions of dollars in losses. 

High-profile incidents include the Ronin Bridge hack, the Wormhole exploit, and the Nomad bridge failure, all of which involved flaws in message verification or validation logic.

The CrossCurve incident is another case of a well-known pattern of a small error in validation code resulting in a massive loss of assets within a few days. Such incidents still bring questions to regulators, investors and developers regarding security assumptions of cross-chain systems.

Related security trends and recent attacks

The broader threat landscape is also evolving. In a recent case, cybersecurity researchers at ReversingLabs uncovered malware hidden inside Ethereum smart contracts.

The hackers exploited the Node Package Manager (NPM) with counterfeit JavaScript packages to covertly extract malicious commands out of the blockchain to enable malware to bypass the usual security checks.

Collectively, these events indicate that attackers are becoming more likely to take advantage of the trust and transparency of blockchain infrastructure itself, and not necessarily by using overtly malicious activity.

How users can stay safe

To the users, the CrossCurve exploit is yet another reminder that there is real risk to interacting with DeFi protocols. Security experts suggest not using new bridges or those with a low audit, exposure to cross-chain products, and keeping a close eye on the announcements of protocols. 

Possible losses can also be minimized by using hardware wallets, not signing blind contracts, and diversifying assets in platforms.

As investigations into the CrossCurve exploit continue, the incident reinforces a central reality of decentralized finance: innovation often moves faster than security, and users remain the final line of defense.

Also Read: Makina Finance Hacked: MEV Bot Snipes 1,299 ETH in $4M Protocol Exploit

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:DeFiSmart Contracts
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Senator Tillis Floats Stablecoin Yield Safeguard in CLARITY Act Talks
Senator Tillis Floats Stablecoin Yield Safeguard in CLARITY Act Talks
Hyperliquid Meets SEC Crypto Task Force Over U.S. Regulations
Hyperliquid Meets SEC Crypto Task Force Over U.S. Regulations
CFTC Invokes Emergency Powers to Halt Kalshi Trade Cancellations
CFTC Invokes Emergency Powers to Halt Kalshi Trade Cancellations
Circle, Coinbase Join 40+ Firms Backing Linux Foundation's x402
Circle, Coinbase Join 40+ Firms Backing Linux Foundation’s x402
JTX Goes Live With Solana Spot Trading for Early Adopters
JTX Goes Live With Solana Spot Trading for Early Adopters

Find Us on Socials

You may also like

CleanSpark Stock (CLSK) Jumps 9% After $6.6B AI Data Center Deal

CleanSpark Stock (CLSK) Jumps 9% After $6.6B AI Data Center Deal

Coinbase Quietly Reopens Access for Mainland China Users

Coinbase Quietly Reopens Access for Mainland China Users

Memecoins See $1.2B Selling Pressure on Binance Since Bitcoin Peak

Memecoins See $1.2B Selling Pressure on Binance Since Bitcoin Peak

Ripple Bets on AI Payments With Linux Foundation’s x402

Ripple Bets on AI Payments With Linux Foundation’s x402

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information