Cross-chain bridge CrossCurve was attacked due to a smart contract vulnerability, with at least $3 million worth of cryptocurrency stolen, Cointelegraph reported on Feb. 1 local time.
CrossCurve posted on social media platform X saying, "The protocol has been attacked and we are investigating, so please stop all transactions."
CrossCurve has currently halted all transactions and is taking steps to prevent further losses. CrossCurve is a DeFi protocol launched in June 2024. It provides a function that connects multiple blockchains, including Ethereum (ETH), Avalanche (AVAX), Polygon (MATIC) and Arbitrum (ARB).
Defimon Alerts, a DeFi security account, said one CrossCurve smart contract contained a vulnerability that could bypass validation. It analysed that an attacker exploited it to illegally withdraw tokens using forged messages. Curve Finance, which has a partnership with CrossCurve, also moved to respond. Curve Finance urged investors to withdraw their votes for CrossCurve pools and stressed, "You should always make careful decisions when interacting with third-party projects."
Chi-gyu Hwang
delight@d-today.co.kr