CrossCurve, a cross-chain liquidity and bridge protocol, has confirmed that its bridge system was hacked, resulting in a loss of around $3 million. This affected multiple blockchains and is now under investigation. CrossCurve warns the users to pause all activity interacting with the protocol.
How Attackers Hacked the Bridge system
The missing security check from the CrossCurve smart contract was the major reason for this hack. The Smart Contract needs to verify the messages sent between the blockchains, but one of the verification steps was incommpleete which allowed the attackers to trick the system by sending fake messages that look valid to the system. This allowed the attacker to hack the token from the contract.
Security experts say that this exploit resembles the Nomad bridge hack in 2022, which drained around $190 million. They raised concerns that basic security mistakes are happening years later despite several past warnings.
CrossCurve has promoted its bridge as one of the safer and more secure bridges than others because it relies on multiple independent validation systems, such as Axelar, LayerZero, and its own oracle network. But this incident shows that despite multiple systems, a single coding mistake can still be exploited.
What must users do after this exploit?
The project, backed by Michael Egorov, the founder of Curve Finance, has reportedly raised around $7 million from investors. After the incident, Curve Finance warns users to review their positions and consider removing those who have exposure to CrossCurve-related pools.
Right now, the users should not interact with the CrossCurve until further notice and review any exposure to CrossCurve-related pools. They should look for any official updates from the team and be cautious with the cross-chain bridges.
Highlighted Crypto News:
U.S. Treasury Sanctions UK Crypto Exchanges for Iran Sanctions Evasion
