CrossCurve, a prominent cryptocurrency protocol, has announced a significant security breach involving its cross-chain bridge. This incident, which occurred late Sunday, has resulted in an estimated loss of $3 million across various blockchain networks, raising alarming concerns regarding the safety of cross-chain infrastructure.
The attack was disclosed through a post on X by CrossCurve, which indicated that a vulnerability in its smart contracts had been exploited. In light of the breach, the protocol has urgently advised users to cease all interactions with CrossCurve while the team investigates the situation.
According to insights from Defimon Alerts, a security firm associated with Decurity, the attacker targeted a specific smart contract within the CrossCurve ecosystem. The exploit stemmed from the contract”s failure to properly verify cross-chain messages, allowing the hacker to spoof a legitimate message. This enabled unauthorized access to the system, leading to the theft of tokens.
More specifically, the report indicated that the attacker was able to invoke a function called expressExecute in the ReceiverAxelar contract. By using a forged cross-chain message, they bypassed essential gateway checks, resulting in the unauthorized release of funds from the PortalV2 contract. The CrossCurve team did not challenge the assessment and is currently investigating the affected contracts.
In a subsequent post, Boris Povar, the CEO of CrossCurve, announced efforts to recover the stolen assets. He publicly reached out to the blockchain addresses believed to have received the stolen tokens, offering a 10% bounty for their return within a 72-hour timeframe. Povar emphasized that the tokens were taken due to a smart contract exploit and requested cooperation to recover the funds. If the assets are not returned promptly, CrossCurve plans to escalate the matter to law enforcement and pursue legal action.
This incident is part of a troubling trend in the cryptocurrency space, where cross-chain bridges and decentralized finance (DeFi) protocols have frequently been targeted by hackers. Over the past few years, billions of dollars have been lost to similar exploits, highlighting the vulnerabilities inherent in cross-chain technology. High-profile cases include the Ronin Bridge hack and attacks on platforms like Wormhole and Nomad, often resulting from failures in message verification.
As security experts have long warned, cross-chain bridges represent significant risks in the crypto landscape. Even minor errors in validation logic can lead to unauthorized token minting or unlocking, culminating in substantial financial losses. The ongoing issues have prompted calls from regulators, developers, and investors for enhanced security measures, including thorough audits and improved monitoring tools.
Despite these warnings, incidents like the one involving CrossCurve serve as stark reminders that vulnerabilities persist, and users must remain vigilant when engaging with decentralized protocols.
