CrossCurve Hit by $3 Million Cross-Chain Bridge Exploit Amid Rising Crypto Hacks

CrossCurve, a decentralized cross‑chain liquidity protocol, has confirmed that its cross-chain bridge has been attacked, reportedly resulting in losses of around $3 million.

This event adds to a surge in cryptocurrency thefts that claimed nearly $400 million from the industry in January 2026 alone.

CrossCurve Attack Details and Response

The CrossCurve exploit targeted a vulnerability in one of the smart contracts. Following the incident, the protocol shared an urgent security warning on its official X (formerly Twitter) account. The team urged users to stop all activity while the issue was investigated.

“Our bridge is currently under attack, involving the exploitation of a vulnerability in one of the smart contracts used. Please pause all interactions with CrossCurve while the investigation is ongoing,” CrossCurve posted.

Defimon Alerts, an automated security monitoring account operated by Decurity, reported that the exploit resulted in losses of around $3 million across several networks.

“Anyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2,” the post read.

CrossCurve is dealing with a bridge exploit@crosscurvefi confirmed its bridge is under attack after a missing validation check let spoofed cross-chain messages through. Onchain data shows around $3M was drained from its PortalV2 contract across multiple networks.

The team has… pic.twitter.com/xiuK9jNz8i

— Crypto Miners (@CryptoMiners_Co) February 1, 2026

In a follow-up update, CrossCurve stated that it had identified 10 wallet addresses that received tokens originating from the exploit.

“These tokens were wrongfully taken from users due to a smart contract exploit. We do not believe this was intentional on your part, and there is no indication of malicious intent. We hope for your cooperation in returning the funds,” the team wrote.

As part of its response, CrossCurve invoked its SafeHarbor WhiteHat policy, offering a bounty of up to 10%. Such responses are quite common across crypto, encouraging negotiations and ethical action.

“We offer up to a 10% bounty for funds rescued by WhiteHats, this makes you eligible to keep up to 10% if the remainder is returned,” the post added.

The protocol invited parties to coordinate directly via email or, if they preferred anonymity, to return the assets to a designated wallet address.

The team warned that the incident will be treated as malicious if no contact is established and the funds are not returned within 72 hours from block 24364392. CrossCurve stated that failure to comply would trigger escalation measures.

This includes criminal referrals, civil litigation, cooperation with centralized exchanges and stablecoin issuers to freeze assets, public disclosure of wallet data, and collaboration with blockchain analytics firms and law enforcement.

The latest exploit adds to the list of attacks seen earlier this year. In January 2026, attackers stole nearly $400 million in digital assets. Data from blockchain security firm CertiK shows more than 40 major security incidents in the month.

The surge continues a broader trend from last year. 2025 marked the worst year on record for crypto-related thefts, with total losses exceeding $1 billion.

The post CrossCurve Hit by $3 Million Cross-Chain Bridge Exploit Amid Rising Crypto Hacks appeared first on BeInCrypto.