Feb 2nd (official sources) — CrossCurve announced its cross-chain bridge was attacked, with the attacker exploiting a smart contract vulnerability. The project team urged users to immediately cease all interactions with CrossCurve pending the completion of its investigation, and will continue updating the community via official channels. The team later confirmed some addresses received token funds intended for other users due to the vulnerability. No evidence of intentional malicious activity linked to the affected addresses has been found to date, and the team urged those address owners to cooperate in returning the erroneously transferred funds. Per its Safe Harbor Responsible Disclosure Policy, white-hat hackers assisting in fund recovery may keep up to 10% of recovered funds as a bounty. CrossCurve stated that if funds are not returned within 72 hours of Ethereum block height 24,364,392, or if no effective communication is established, the team will escalate its response as necessary. This includes initiating criminal and civil proceedings, collaborating with exchanges, stablecoin issuers, and on-chain analytics firms to freeze or trace the affected assets. The team urged all involved parties to contact them promptly or return funds directly to avoid further escalation.
