9d (edited) • 📅 News
How CrossCurve Lost $3M With Bridge Exploit
Today attackers drained $3 million by exploiting a critical oversight in CrossCurve's bridge.
They sent "spoofed" messages - basically fake deposit receipts - to the bridge's expressExecute function.
The smart contract had no access control on that specific function. It failed to verify who was sending the message.
✅ Intended Behavior: Only the official Axelar Gateway should trigger a transfer.
❌ Actual Behavior: The contract accepted commands from anyone, allowing the hackers to bypass security entirely.
This could have been avoided with simple sender validation.
The contract needed a check ensuring that msg.sender == AxelarGateway.
Without this sender-verification check, the door was left wide open.
Gus Klaison
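The missing check described in the post, as an added example that is not part of the original post and is not CrossCurve's or Axelar's code: a simplified receiver without the sender check beside a version with it. The contract names, the `gateway` variable, the token interface and the payload layout are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a simplified model, not CrossCurve's or Axelar's code.
// Contract names, `gateway`, IERC20Minimal and the payload layout are hypothetical.
interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

// BEFORE: no access control, so any caller can supply a payload and release funds.
contract ReceiverWithoutSenderCheck {
    IERC20Minimal public immutable token;

    constructor(IERC20Minimal token_) {
        token = token_;
    }

    function expressExecute(bytes calldata payload) external {
        (address to, uint256 amount) = abi.decode(payload, (address, uint256));
        require(token.transfer(to, amount), "transfer failed");
    }
}

// AFTER: only the gateway address fixed at deployment may trigger a transfer.
contract ReceiverWithSenderCheck {
    IERC20Minimal public immutable token;
    address public immutable gateway;

    error NotGateway(address caller);
    event Released(address indexed to, uint256 amount);

    constructor(IERC20Minimal token_, address gateway_) {
        require(gateway_ != address(0), "gateway not set");
        token = token_;
        gateway = gateway_;
    }

    // The sender validation the post calls for: msg.sender must be the gateway.
    modifier onlyGateway() {
        if (msg.sender != gateway) revert NotGateway(msg.sender);
        _;
    }

    function expressExecute(bytes calldata payload) external onlyGateway {
        (address to, uint256 amount) = abi.decode(payload, (address, uint256));
        require(token.transfer(to, amount), "transfer failed");
        emit Released(to, amount);
    }
}
```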