The decentralized cross-chain liquidity protocol CrossCurve has confirmed that the cross-chain bridge was attacked, resulting in approximately $3 million in damages.

This incident is an addition to a surge in cryptocurrency thefts that recorded nearly $400 million in damages in the month of January 2026.

CrossCurve attack history…Response situation

The CrossCurve exploit targeted a vulnerability in a smart contract. After the incident, the protocol posted an urgent security alert on its official X (formerly Twitter) account. The team requested users to halt all activities while the issue was being investigated.

“Our bridge is currently under attack. This is being investigated as an exploitation of vulnerabilities in the smart contract being used. As the investigation is ongoing, please suspend all interactions with CrossCurve.” – Post from CrossCurve.

Decurity's automated security monitoring account, Defimon Alerts, reported that this exploit caused approximately $3 million in damages across several networks.

“Anyone could call expressExecute with a tampered cross-chain message on the ReceiverAxelar contract, and unlock could be triggered on PortalV2 without gateway validation.” – Post.

In a subsequent announcement, the CrossCurve team stated that they have identified 10 wallet addresses that received tokens with confirmed sources due to the exploit.

“These tokens were incorrectly withdrawn from users due to a smart contract exploit. We do not consider that you obtained them intentionally, nor are there signs of malicious intent. We hope you will cooperate in returning the funds.” – Team post.

CrossCurve has activated the SafeHarbor WhiteHat policy as part of their response, offering a reward of up to 10%. This approach is a common response in the cryptocurrency industry to promote rewards, settlements, and ethical behavior.

“We offer a reward of up to 10% for funds recovered by white hats. Upon the return of the remaining amount, eligibility arises to retain up to 10%.” – Additional post.

The protocol has requested the relevant parties to negotiate directly via email or, if anonymity is desired, to return the assets to the designated wallet address.

The team has warned that if funds are not returned within 72 hours from block 24364392, the incident will be considered malicious. CrossCurve has stated that additional measures will be taken in case of non-compliance.

This includes criminal charges, civil lawsuits, asset freezes through cooperation with centralized exchanges and stablecoin issuers, wallet data disclosure, and collaboration with blockchain analysis firms and law enforcement.

This exploit is yet another attack case that occurred following the one earlier this year. In January 2026, attackers stole nearly $400 million in digital assets. According to data from the blockchain security company CertiK, there were over 40 major security incidents in that month.

This surge is an extension of a larger trend that has been ongoing since last year. The year 2025 recorded the worst year for cryptocurrency-related thefts, with total damages exceeding $1 billion.