A contemporary safety incident has hit the DeFi sector, with the crosscurve hack underscoring rising considerations round cross-chain protocols and on-chain infrastructure.
CrossCurve bridge hit by $3 million exploit
CrossCurve, a decentralized cross-chain liquidity protocol, confirmed that its bridge infrastructure was attacked, with estimated losses of round $3 million. The group disclosed the incident after detecting suspicious exercise affecting one in all its deployed good contracts.
The exploit comes amid a broader rise in crypto assaults. Furthermore, it lands in a interval when safety companies are warning that subtle threats are more and more focusing on cross-chain bridges and liquidity routing techniques.
The protocol stated the assault affected its cross-chain bridge part, which depends on a number of good contracts to maneuver property throughout completely different networks. Nonetheless, the group moved rapidly to difficulty public warnings and pause person interactions whereas it investigated.
Technical particulars of the cross-chain bridge exploit
The assault centered on a particular good contract vulnerability inside CrossCurve’s structure. In an pressing discover posted on its official X account on 2026, the group urged customers to instantly cease interacting with the protocol whereas the scenario was assessed.
CrossCurve wrote that its bridge was “at present beneath assault” and {that a} flaw in one of many contracts utilized by the system was being exploited. That stated, the mission emphasised that customers ought to “pause all interactions” with CrossCurve till additional updates have been accessible.
In keeping with Defimon Alerts, an automatic monitoring account operated by safety firm Decurity, the exploit allowed attackers to abuse the ReceiverAxelar contract. Furthermore, the problem reportedly enabled calls to the expressExecute perform utilizing spoofed cross-chain messages.
The submit from Defimon Alerts defined that the malicious calls bypassed gateway validation and triggered unauthorized unlocks on the PortalV2 contract. On-chain knowledge later confirmed that roughly $3M had been drained from PortalV2 throughout a number of networks by means of this mechanism.
CrossCurve response and SafeHarbor coverage
In a follow-up replace, CrossCurve stated it had traced funds from the exploit to 10 pockets addresses that acquired tokens originating from the incident. The group harassed that these addresses won’t belong to malicious actors and that there was “no indication of malicious intent” from the holders at that stage.
Nonetheless, CrossCurve famous that the tokens had been “wrongfully taken from customers” on account of the good contract exploit. The mission appealed for cooperation from recipients and requested them to return the digital property that had been transferred to their wallets.
As a part of its mitigation technique, the protocol activated its SafeHarbor WhiteHat coverage, providing a bounty of as much as 10% to those that assist rescue funds. The group clarified that anybody performing in good religion could be eligible to maintain as a lot as 10% of the recovered quantity if the remaining funds have been returned.
The announcement additionally supplied a devoted contact e-mail for coordination. Furthermore, CrossCurve stated that people preferring to stay nameless may ship the compromised property on to a specified pockets tackle beneath the SafeHarbor framework.
Deadline, escalation measures and authorized steps
The crosscurve hack was accompanied by a strict timeline. CrossCurve warned that if no contact was made and the funds weren’t returned inside 72 hours from block 24364392, the group would deal with the incident as a malicious assault.
In that state of affairs, the mission stated it could escalate the matter by means of a number of channels. These embody submitting legal referrals, initiating potential civil litigation, and dealing with centralized exchanges and stablecoin issuers to freeze related property the place doable.
Moreover, CrossCurve pledged to collaborate with blockchain analytics companies and regulation enforcement businesses. The group additionally indicated that, absent cooperation, it could proceed with public disclosure of the pockets knowledge linked to the exploit.
Rising wave of crypto hacks in 2025 and 2026
The CrossCurve incident provides to a rising record of high-profile assaults on decentralized finance platforms. In January 2026, hackers stole almost $400 million in digital property throughout the {industry}, in keeping with knowledge cited within the report.
Safety agency CertiK recorded greater than 40 main safety incidents throughout that month alone, highlighting the dimensions of the present menace setting. Furthermore, cross-chain protocols and sophisticated liquidity techniques have more and more been focused due to the big volumes of property they safe.
The surge in assaults follows an already damaging 12 months for the sector. In 2025, complete losses from crypto-related thefts exceeded $1 billion, making it the worst 12 months on document for such incidents and underscoring persistent structural vulnerabilities.
Towards this backdrop, the CrossCurve case illustrates how a single good contract flaw can cascade throughout a number of networks and person wallets. It additionally exhibits why tasks are leaning on whitehat incentives and coordinated responses to restrict harm when exploits happen.
In abstract, the CrossCurve exploit, the SafeHarbor response, and the broader statistics from 2025 and January 2026 reinforce the necessity for stronger safety practices, extra rigorous code audits, and sooner cross-industry collaboration when bridge vulnerabilities are uncovered.