Crypto Hack: CrossCurve Warns Users to Halt Activity as Bridge Comes Under Attack

Key Insights:

• CrossCurve urges users to halt activity after a $3M bridge crypto hack linked to smart contracts.
• Defimon Alerts cites ReceiverAxelar spoofing that bypassed validation and unlocked tokens on PortalV2.
• CrossCurve names 10 addresses, offers a 10% bounty, and sets a 72-hour return deadline.

Crypto hack news spread into the market after CrossCurve warned of an active bridge attack. The DeFi protocol told users to halt all interactions immediately. It said the incident caused about $3 million in losses.

CrossCurve said attackers exploited a smart contract vulnerability. The project posted the warning on X during the incident. It urged users to pause activity while the team investigated.

CrossCurve said some addresses received tokens taken from other users. It called those tokens “wrongfully taken” based on the crypto hack report, which stated that it found no malicious intent.

In addition, the team asked recipients to return the funds. It identified 10 addresses tied to the unexpected receipts. It also requested cooperation while it traced the movements.

Crypto Hack: Smart Contract Flaw Linked to Spoofed Cross-chain Messages

Defimon Alerts said the crypto hack involved a CrossCurve contract named ReceiverAxelar. The account noted that anyone could spoof a cross-chain message. It added noting that spoofing bypassed gateway validation checks.

Defimon Alerts said the bypass triggered unauthorized token unlocks. It pointed to unlock activity on the PortalV2 contract. However, CrossCurve stated it is still reviewing the breach details.

CrossCurve later added more context about its architecture. In addition, it highlighted that it runs a cross-chain DEX and consensus bridge. It also claimed that it built the system with Curve Finance.

The protocol previously operated under the EYWA Protocol name. CrossCurve described a “Consensus Bridge” mechanism in its materials. It said the design uses multiple validation routes.

CrossCurve reported that the crypto scam routes include Axelar, LayerZero, and EYWA Oracle Network. It added that the structure aims to reduce single points of failure. However, Monday’s incident raised new scrutiny.

Following the crypto hack news, CrossCurve highlighted a security assumption in its documentation. It said multiple bridge protocols rarely fail simultaneously. The exploit unfolded even as that claim circulated.

Curve Finance Flags Vote Exposure After CrossCurve Warning

In response to the crypto hack news, Curve Finance posted guidance following the CrossCurve alert. It told users to review votes tied to related pools. It said they may want to remove those votes.

Curve Finance also urged vigilance around third-party projects. It framed the message as a position review reminder. However, CrossCurve did not dispute the Curve Finance note.

CrossCurve said Curve Finance founder Michael Egorov backed the protocol. It said Egorov became an investor in September 2023. It also said the project raised $7 million from VCs in 2023.

The incident drew comparisons to earlier bridge exploits. CrossCurve cited Nomad’s 2022 bridge hack in its materials. It said the breach resulted in about $190 million in losses.

CrossCurve also referenced estimates tied to Nomad’s impact. It cited an estimated 8,000 compromised Solana wallets. It did not claim the same pattern here.

Crypto Hack News coverage also tracked how CrossCurve described recipients. The team said it believed transfers were not intentional. It also avoided calling the event a crypto scam.

A Closer Look into the Crypto Hack Update

CrossCurve offered a recovery path under its Safe Harbor policy. It said a white-hat helper can receive a 10% bounty. It claimed that the helper keeps up to 10% of the funds returned.

CrossCurve set a 72-hour return deadline for the crypto hack. It said it expects effective communication during that period.

Moreover, the team listed criminal and civil actions as options. It also said it may coordinate with exchanges. It named Coinbase and Binance in that escalation plan.

CrossCurve also listed stablecoin issuers among possible partners. It referenced law enforcement support for follow-up actions. It added on-chain analytics firms to the response list.

The project named Chainalysis, TRM Labs, and Elliptic. It said these firms can support tracing and coordination of the crypto hack.

Andrew Morfill, Komainu’s CISO, commented on prevention steps. He cited secure templates, audits, and secure development lifecycles. He said mature protocols should ship updates securely.