Market Updates

Markets

Your Weekend Crypto Roundup – May 2026 · Week 1

1 May 2026

Markets

Crypto’s Market Makers Work in the Shadows and Almost Nobody Is Disclosing This

1 May 2026

Markets

Is UK Youth Crypto Demand Set to Clash with Tighter Regulations?

1 May 2026

Markets

CLARITY Act Stalls in Congress as Crypto Industry and Banks Clash Over Digital Asset Rules

1 May 2026

Markets

Canada Bets That Crypto and Elections Simply Cannot Mix

30 April 2026

Events

Chain of Thoughts

America’s Crypto U-Turn: The SEC Finally Gets It Right

27 March 2026

The Nation-State FOMO: Are Strategic Bitcoin Reserves Genuine Policy or Political Theatre?

28 December 2025

The Centralization Paradox: How Structural Forces Pull Crypto Back to Gatekeepers

29 November 2025

SocialFi and the Tokenization of Influence

31 October 2025

The Aesthetics of Web3: Why Vibe Matters in Decentralized Communities

27 September 2025

Home News Crime

Curve Finance Urges Users to Reconsider CrossCurve Votes After $3M Bridge Exploit

Curve Finance has warned its community to reassess any governance votes tied to CrossCurve after the cross-chain protocol confirmed its bridge was compromised in an attack that reportedly drained about $3 million across several networks.

In a post on X, Curve said users who allocated votes to CrossCurve pools “may wish to review their positions,” following disclosures that a vulnerability in CrossCurve’s smart contracts had been exploited.

In light of the recent security incident involving https://t.co/3Wv3pEhCu8 (== CrossCurve):

Users who have allocated votes to Eywa-related pools may wish to review their positions and consider removing those votes. We continue to encourage all participants to remain vigilant and… https://t.co/chd5YBOXhr

— Curve Finance (@CurveFinance) February 1, 2026

“Please pause all interactions with CrossCurve while the investigation is ongoing,”

it added.

CrossCurve confirms smart contract vulnerability

CrossCurve disclosed late Sunday that its cross-chain bridge was actively under attack, urging users to immediately pause all interactions with the protocol while investigations continue.

Blockchain security monitor Defimon Alerts, linked to Decurity, estimated losses at roughly $3 million. According to its findings, one of CrossCurve’s contracts allowed attackers to spoof cross-chain messages, bypass validation checks, and unlock tokens across multiple networks.

The flaw reportedly enabled anyone to call a function that circumvented gateway verification, triggering unauthorized token releases.

Curve Finance permanently moved to a new web domain following a DNS hijacking attack that exposed significant security risks to its users. The protocol announced in May 13, 2025, that it will now operate exclusively on Curve.finance, replacing the previously used Curve.fi domain.

Protocol offers 10% bounty for fund recovery

In response, CrossCurve CEO Boris Povar publicly shared wallet addresses believed to have received the stolen assets and appealed to the attacker for cooperation.

Povar offered a bounty of up to 10% if the funds are returned within 72 hours, framing the incident as potentially unintentional. He warned that failure to return the assets or establish contact within that timeframe would prompt legal action.

The CEO said CrossCurve is prepared to involve law enforcement, pursue civil litigation, and coordinate with exchanges and other crypto projects to freeze funds if necessary.

If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.