Losses at CrossCurve underline the high risk of cross-chain bridges during periods of rising crypto attacks.
CrossCurve halted user activity after an attack targeted its cross-chain bridge. The incident forced developers to investigate a smart contract flaw. Partner protocols and and security firms issued warnings as funds were traced on-chain.
User Interactions Halted as CrossCurve Examines Contract Weakness
CrossCurve confirmed on Sunday that its cross-chain bridge was targeted by attackers. The team linked the incident to a flaw in one of the bridge’s smart contracts. Users were asked to pause all activity while developers began reviewing the issue.
Because assets are held across multiple smart contracts, moving them between networks increases risk when a single component fails.
⚠️ URGENT Security Notice
Dear users,
Our bridge is currently under attack, involving the exploitation of a vulnerability in one of the smart contracts used.
Please pause all interactions with CrossCurve while the investigation is ongoing.
We appreciate your patience and… pic.twitter.com/yfo1KvWoDd
— CrossCurve (@crosscurvefi) February 1, 2026
Curve Finance addressed its community shortly after the incident. Users with exposure to CrossCurve pools were advised to reassess their positions and decide whether to withdraw voting support. The statement urged careful judgment when interacting with external protocols during unstable conditions.
Early checks found damage limited to the bridge, with no issues detected across other protocol components. Alerts went out quickly, while the team kept access paused and tracked the movement of stolen funds.
Protocol Calls for Asset Returns After On-Chain Review
After tracing on-chain activity, the team found that funds from the exploit had moved into 10 wallet addresses. CrossCurve said it could not confirm whether those wallets belonged to the attackers and saw no clear hostile behavior at that point. Even so, the protocol acknowledged that users lost funds due to the exploit.
In response, project officials appealed directly to recipients to return the assets. The team described the transfers as improper and asked for cooperation. To support recovery efforts, CrossCurve activated its SafeHarbor WhiteHat policy, offering a reward of up to 10% of recovered funds if the rest is returned.
Details included a direct contact email for coordination. An alternative option allows anonymous returns through a designated wallet address. The team said recovered funds would be returned to affected users after review.
Moreover, CrossCurve shared a contact email to help coordinate the return of funds. A separate wallet address was also provided for those who prefer to send assets back without revealing their identity. After verification, the team said it plans to distribute recovered funds to affected users.
Recent Breaches Expose Ongoing Risks in Decentralized Finance
Crypto attacks have increased across the industry, with the CrossCurve incident adding to a growing list of breaches. Security firm CertiK recorded nearly $400 million in losses in January 2026, with more than 40 major incidents reported.
_Image Source: _X/CertiK
Cross-chain systems face a higher risk because they handle large amounts of funds and rely on complex structures. Recent incidents show how fast damage can spread once an exploit begins.
Other victims during the same period included Swapnet, which lost $13 million. Saga and Makina Finance reported losses of $6.2 million and $4.2 million. Step Finance also suffered a breach that drained several treasury and fee wallets, moving more than 261,000 SOL.
Losses across 2025 passed $1 billion, marking the worst year on record for crypto theft. The CrossCurve case adds another reminder of ongoing security gaps within decentralized finance.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Elon Musk's X to Auto-Lock Accounts Posting Crypto for First Time
X is implementing a new feature that auto-locks accounts with their first crypto post to combat phishing attacks. This aims to reduce the misuse of hijacked accounts for scams while enhancing user security.
Coinpedia4h ago
ZachXBT accuses Circle of $420M in 'compliance failures' since 2022
Onchain detective ZachXBT claims that Circle, the issuer of the USDC (USDC) stablecoin, has failed to freeze or blacklist about $420 million in illicit fund flows since 2022.
Circle can freeze illicit funds and blacklist wallet addresses, but either took “minimal” action to freeze illicit flows or
Cointelegraph4h ago
Circle Hit With Allegations of Turning a Blind Eye to $420 Million in Illicit Funds Moving! ZachXBT Exposes a USDC Compliance Gap Igniting Controversy
The U.S. stablecoin company Circle has been accused of failing to effectively freeze more than $420 million in suspicious USDC funds. Investigators ZachXBT pointed out that since 2022, Circle has delayed freeze actions in multiple hack incidents, sparking questions about its compliance. The Drift Protocol attack involved in the incident has also made Circle’s criticism the focus. Market calls for Circle to raise its risk management standards were followed by serious losses to users caused by its delayed compliance enforcement.
ChainNewsAbmedia5h ago
Elon Musk's X to deploy scam kill switch by auto-locking first-time crypto mentioners
Social media platform X will auto-lock accounts that mention cryptocurrency for the first time, requiring additional verification to deter crypto phishing scams. This new measure aims to eliminate incentives for attacks that hijack accounts to promote fraudulent tokens.
CoinDesk6h ago
four.meme Due to a technical defect, the token creation for the fee mode has been paused. Full refunds will be issued to affected users.
four.meme announcement: Because the project tax fee receiving address that starts with 0x9f4 has a defect, sell transactions have failed. The related token creation function has been paused, and users are advised to stop trading. Also, full refunds will be provided to affected users who purchased before April 3 at 22:50.
GateNews7h ago
Upload private, explicit videos as a “nude-lending” cryptocurrency loan? “Hero Loan” targets people cornered with no way out—if they default, they upload OnlyFans.
A product that combines cryptocurrency, adult content, and a high-risk lending mechanism has recently sparked heated discussion in crypto circles and on social platforms. The project, named “Hero Loan,” promotes the slogan “unsecured loans,” but requires users to upload private videos as a condition, and ties default risk to an adult-platform monetization mechanism—prompting many netizens to describe it as “an encrypted version of loan-sharking/porn lending.”
The project even uses “If you think this won’t get used, it just means you haven’t reached rock bottom yet” as its promotional tagline, clearly targeting users with high risk and extreme capital pressure. However, shortly after it was exposed, one netizen said they had sent a video but didn’t receive any money; a KOL also responded that the project appears to have rug-pulled.
But honestly, a private video is only worth 60 bucks—that’s just too brutal.
“Hero Loan” targets people with nowhere left to go
According to information on the official website, the product runs on BNB Chain and is positioned for “people who have nowhere left to go—
ChainNewsAbmedia8h ago
