You imply you can break it?  

We found that IOTA’s custom hash function Curl is vulnerable to a well-known technique for breaking hash functions called differential cryptanalysis, which we then used to generate practical collisions. We used our technique to produce two payments in IOTA (they call them “bundles”) which are different, but hash to the same value, and thus have the same signature.