Cross-chain liquidity protocol CrossCurve was attacked due to a smart contract vulnerability, resulting in theft of approximately $3 million.

MarsBitNews · 2026-02-02T00:13:57+00:00

Cross-chain liquidity protocol CrossCurve confirms its cross-chain bridge protocol was attacked, resulting in approximately $3 million stolen due to a smart contract vulnerability. The attacker exploited a gateway verification bypass flaw to trigger unauthorized token unlocks. The protocol is supported by Curve Finance founder and has raised $7 million in funding.

MarsBitNews

2026-02-02 00:13:57

Abstract generation in progress

Mars Finance reports that, according to The Block, the cross-chain liquidity protocol CrossCurve (formerly EYWA) has confirmed that its cross-chain bridge protocol is “under attack.” The attack was caused by a vulnerability in its smart contract that was exploited, resulting in approximately $3 million worth of funds being stolen across multiple networks. Blockchain security firm Defimon Alerts discovered that the attack vector involved a gateway validation bypass vulnerability in CrossCurve’s ReceiverAxelar contract. Analysis shows that anyone can use forged cross-chain messages to call the expressExecute function of this contract, thereby bypassing the expected gateway validation and triggering unauthorized token unlocks on the protocol’s PortalV2 contract. The protocol is supported by Curve Finance founder Michael Egorov and has previously raised $7 million.

EYWA-16,17%

CRV-0,86%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.