The decentralized finance protocol CrossCurve recently announced that its cross-chain bridge was targeted in a cyber attack, with an estimated $3 million exploited across multiple networks.

In a statement posted on X, CrossCurve revealed that the attack was carried out by exploiting a vulnerability in one of its smart contracts.

The team urged all users to refrain from interacting with CrossCurve until the investigation is completed.

According to Defimon Alerts, a blockchain security firm, the attack affected several networks and resulted in a loss of around $3 million. The exploit involved tricking one of CrossCurve’s smart contracts into unlocking tokens without proper validation.

Defimon Alerts explained that the exploit was possible because the smart contract allowed anyone to send a fake cross-chain message, bypassing the necessary checks.
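A simplified Python model of this bug class, added here as an illustration and not CrossCurve's contract code: a receiver that unlocks tokens on any delivered message, next to one that authenticates the delivery first. All names (`TRUSTED_GATEWAY`, `TRUSTED_REMOTES`, the message fields) are hypothetical, and the specific checks are an assumption about typical cross-chain receivers, since the reports do not list which checks were bypassed.

```python
# Constructed model of a bridge receiver; not code from any real protocol.
from dataclasses import dataclass

TRUSTED_GATEWAY = "gateway"                   # hypothetical: only address allowed to deliver messages
TRUSTED_REMOTES = {("chain-A", "bridge-A")}   # hypothetical (source chain, source contract) allowlist

@dataclass(frozen=True)
class Message:
    msg_id: str
    src_chain: str
    src_sender: str
    recipient: str
    amount: int

class VulnerableReceiver:
    """Unlocks on any call: the message fields are trusted as-is."""
    def __init__(self, locked):
        self.locked, self.paid = locked, {}

    def execute(self, caller, m):
        # Flaw: 'caller' is never inspected, so the claimed source is unverified.
        self._unlock(m)

    def _unlock(self, m):
        if m.amount <= 0 or m.amount > self.locked:
            raise ValueError("invalid amount")
        self.locked -= m.amount
        self.paid[m.recipient] = self.paid.get(m.recipient, 0) + m.amount

class HardenedReceiver(VulnerableReceiver):
    """Same unlock logic, gated on who delivered the message and its origin."""
    def __init__(self, locked):
        super().__init__(locked)
        self.seen = set()

    def execute(self, caller, m):
        if caller != TRUSTED_GATEWAY:
            raise PermissionError("caller is not the gateway")
        if (m.src_chain, m.src_sender) not in TRUSTED_REMOTES:
            raise PermissionError("untrusted source")
        if m.msg_id in self.seen:
            raise PermissionError("replayed message")
        self._unlock(m)            # raises before the id is recorded if the amount is invalid
        self.seen.add(m.msg_id)
```

The hardened version still depends on the gateway itself verifying each message before delivering it; the receiver-side checks only ensure that nothing else can reach the unlock path.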

As a precaution, Curve Finance, a partner of CrossCurve, advised users who have allocated funds to CrossCurve pools to review their positions and consider removing their votes.

The incident serves as a reminder for all participants in the web 3.0 ecosystem to remain vigilant and carefully assess the risks when engaging with third-party projects.

CrossCurve offers a 10% reward for returning funds within 72 hours

In an effort to reach the perpetrator, CrossCurve CEO Boris Povar disclosed 10 addresses that received tokens from the exploit and promised a reward if the tokens were returned within 72 hours.

“These tokens were taken from users due to a smart contract exploit. We do not believe this was intentional and there is no evidence of malicious intent,” Povar stated. “We hope for your cooperation in returning the funds.”

Povar is offering up to a 10% bounty if the funds are returned within the allotted time frame.

“If the funds are not returned or we do not receive any communication within 72 hours, we will assume malicious intent and take legal action,” he warned.

Povar also mentioned that CrossCurve is willing to collaborate with law enforcement, pursue civil lawsuits to recover damages, and work with authorities and other cryptocurrency projects to freeze assets if the funds are not returned.
