CrossCurve cross-chain bridge exploit leads to $3 million loss and 10% bounty offer

On February 2 2026, CrossCurve disclosed that its cross-chain bridge smart contracts had been exploited, causing about $3 million in losses across several blockchain networks. A message verification flaw reportedly enabled attackers to spoof cross-chain messages and unlock tokens without proper authorization. The project has urged users to stop interacting with its contracts and its CEO has offered a bounty of up to 10% if the stolen funds are returned within 72 hours.