Is CrossCurve Safe?

Risk Grade: D+ (62/100)

CrossCurve is rated as high risk — extreme novelty, critical interactions, unproven at scale.

High risk — already exploited for $3M through a basic validation bypass, and the multi-layer security model proved weaker than advertised

A cross-chain bridge built specifically for Curve Finance pools, letting you swap stablecoins across blockchains. It raised $7M and processed $1.85B in its first year. Its D+ grade reflects a $3M hack in February 2026 caused by a missing security check that let anyone forge fake cross-chain messages.

TVL

Mechanisms: 7

Interactions: 5

Value Grade: D-

Key Risks for CrossCurve Users

1. In February 2026, a hacker sent fake messages that the bridge accepted as real, draining $3M. The same attack pattern could be repeated at larger scale on any chain where CrossCurve operates.

2. The bridge claims to use three independent validation layers (Axelar, LayerZero, EYWA), but bypassing just one was enough to steal everything. The multi-layer security was false confidence.

3. The team offered the hacker a 10% bounty to return the funds. If the hacker launders the money through mixers instead, there is no recovery plan.

Top Risk Factors

  • Exploited for $3M in February 2026 via spoofed cross-chain messages bypassing gateway validation in the ReceiverAxelar contract
  • Multi-validator consensus bridge (Axelar + LayerZero + EYWA Oracle) had a missing validation check that allowed unauthorized token unlocks from PortalV2
  • Cross-chain message validation is inherently complex; the protocol routes through three independent validation layers but a single bypass in one layer was sufficient to drain funds

How CrossCurve Compares to Peers

CrossCurve ranks #24 of 24 Bridge protocols (bottom quartile — among the riskiest). At a risk score of 62/100, it's 20 points riskier than the sector average of 42/100.

See the full Bridge sector leaderboard or the CrossCurve vs LI.FI comparison.

Common Questions about CrossCurve

Plain-English answers based on CrossCurve's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Interaction Severity (20/20).

Has CrossCurve ever been hacked or exploited?

CrossCurve has a documented incident history that materially raised its risk grade — the track record dimension scored 15/15, near the high end of the scale. Past exploits, governance failures, or contract issues are baked into this rating. Anyone considering deposits should review the incident details before allocating capital.

How much money is at stake in CrossCurve?

CrossCurve currently holds an undisclosed amount of user capital. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.

What's the worst-case scenario for CrossCurve?

Hindenrank has identified specific collapse scenarios for CrossCurve. The most prominent is "Consensus Bridge Validator Collusion". Its trigger condition: attackers compromise or collude with a sufficient subset of CrossCurve's multi-validator consensus bridge (Axelar + LayerZero + EYWA Oracle) to forge cross-chain messages at will. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes; generic "smart contract risk" is rarely the thing that takes a protocol down.

Is CrossCurve regulated or insured?

CrossCurve has some regulatory exposure (4/10), typical of mid-sized DeFi protocols. There is no specific enforcement action on record, but the structure includes elements that regulators have flagged in similar protocols. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.

What are the biggest red flags for CrossCurve?

Hindenrank's retail-focused risk audit flagged:

  • In February 2026, a hacker sent fake messages that the bridge accepted as real, draining $3M. The same attack pattern could be repeated at larger scale on any chain where CrossCurve operates.
  • The bridge claims to use three independent validation layers (Axelar, LayerZero, EYWA), but bypassing just one was enough to steal everything. The multi-layer security was false confidence.
  • The team offered the hacker a 10% bounty to return the funds. If the hacker launders the money through mixers instead, there is no recovery plan.

On the technical side, 1 critical-severity interaction risk has been identified.

Should beginners deposit into CrossCurve?

CrossCurve carries a D+ grade — among the riskiest protocols in Hindenrank's coverage. Beginners should not deposit here. Anyone considering a position should understand they may lose everything they put in, and should size accordingly.

How does CrossCurve compare to safer Bridge alternatives?

CrossCurve is one protocol in Hindenrank's Bridge coverage. The safest Bridge protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare CrossCurve against the full Bridge ranking before committing capital.

For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the CrossCurve risk report.

Read the Full CrossCurve Risk Report

This protocol has 2 collapse scenarios. 1 critical and 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.


Ratings use Hindenrank's eight-dimension risk rubric. Lower score = lower risk. Grades range from A (safest) to F (riskiest). This is not financial advice.