Crypto protocol CrossCurve under attack, $3M reportedly exploited

Crypto bridge protocol CrossCurve just got wrecked — a smart contract exploit drained ~$3M across multiple chains. They're telling everyone to STOP interacting with their protocol while they investigate this mess.

CrossCurve dropped the bomb on X late Sunday: their bridge is "under attack, involving the exploitation of a vulnerability in one of the smart contracts used." Translation: someone found a backdoor and walked out with the loot.

Blockchain security sleuths Defimon Alerts broke it down: the exploit hit around $3M "on several networks." The flaw? A smart contract that let anyone spoof cross-chain messages to bypass validation and unlock tokens like it's an open vault.

Defimon's technical deep-dive: "Anyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2." Classic validation bypass — devs are gonna be debugging this one for weeks.

Curve Finance — which partnered with CrossCurve — is telling users who allocated to CrossCurve pools to "review their positions and consider removing those votes." They're reminding everyone to "remain vigilant and make risk-aware decisions when interacting with third-party projects." Basically: DYOR before you ape in.

This is a developing story — we'll update as more deets drop. Stay sharp out there.