Crypto bridge CrossCurve has told users to pause interacting with its protocol while it conducts an investigation into a smart contract breach.
Crypto protocol CrossCurve said its cross-chain bridge has been attacked, with reports that $3 million has stolen across multiple networks.
CrossCurve posted to X late on Sunday that its bridge was “under attack, involving the exploitation of a vulnerability in one of the smart contracts used.”
“Please pause all interactions with CrossCurve while the investigation is ongoing,” it added.
The blockchain security-focused X account Defimon Alerts said CrossCurve was exploited for around $3 million “on several networks.”
It added that one of CrossCurve’s smart contracts allowed anyone to spoof a message to bypass validation and unlock tokens.
“Anyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2,” Defimon Alerts said.
Curve Finance, which has partnered with CrossCurve, posted on X that users who allocated to CrossCurve pools “may wish to review their positions and consider removing those votes.”
Related: Step Finance treasury wallets breached, $27M in SOL drained as STEP crashes 90%
“We continue to encourage all participants to remain vigilant and make risk-aware decisions when interacting with third-party projects,” it added.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
This is a developing story, and further information will be added as it becomes available.