Crypto bridge CrossCurve has told users to pause interacting with its protocol while it conducts an investigation into a smart contract breach.
Crypto protocol CrossCurve said its cross-chain bridge has been attacked, with reports that $3 million has stolen across multiple networks.
CrossCurve posted to X late on Sunday that its bridge was โunder attack, involving the exploitation of a vulnerability in one of the smart contracts used.โ
โPlease pause all interactions with CrossCurve while the investigation is ongoing,โ it added.
The blockchain security-focused X account Defimon Alerts said CrossCurve was exploited for around $3 million โon several networks.โ
It added that one of CrossCurveโs smart contracts allowed anyone to spoof a message to bypass validation and unlock tokens.
โAnyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2,โ Defimon Alerts said.
Curve Finance, which has partnered with CrossCurve, posted on X that users who allocated to CrossCurve pools โmay wish to review their positions and consider removing those votes.โ
Related: Step Finance treasury wallets breached, $27M in SOL drained as STEP crashes 90%
โWe continue to encourage all participants to remain vigilant and make risk-aware decisions when interacting with third-party projects,โ it added.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
This is a developing story, and further information will be added as it becomes available.
