ExchangeDEX+

Buy Crypto Markets Spot FuturesGOLD Earn Event Center

Cross-chain liquidity protocol CrossCurve has confirmed its bridge infrastructure is under active attack following the exploitation of a smart contract vulnerabilityCross-chain liquidity protocol CrossCurve has confirmed its bridge infrastructure is under active attack following the exploitation of a smart contract vulnerability

CrossCurve Bridge Drained in US$3M Smart Contract Exploit Across Multiple Chains

Author: Cryptonews AU

Source: Cryptonews AU

2026/02/02 13:44

CrossCurve confirmed an active bridge exploit enabling roughly US$3 million in unauthorised token unlocks.
A validation bypass allowed spoofed cross-chain messages to drain funds from the PortalV2 contract.
The incident drew comparisons to the Nomad hack and prompted warnings from Curve Finance.

Cross-chain liquidity protocol CrossCurve has confirmed its bridge infrastructure is under active attack following the exploitation of a smart contract vulnerability that enabled unauthorised token unlocks worth approximately US$3 million (AU$4.32 million).CrossCurve disclosed the incident on Sunday, warning users to immediately halt all interactions with the platform while investigations continue.

Blockchain security firm-linked account Defimon Alerts attributed the exploit to a validation flaw within CrossCurve’s ReceiverAxelar contract. The vulnerability allowed attackers to submit fabricated cross-chain messages via the expressExecute function, bypassing gateway checks designed to authenticate transactions. This bypass triggered unauthorised token releases from the protocol’s PortalV2 contract without proper verification.

On-chain data shared by Defimon Alerts shows the PortalV2 contract balance falling from roughly US$3 million (AU$4.32 million) to nearly zero on 31 January. The exploit appears to have affected multiple blockchain networks connected to CrossCurve’s bridge infrastructure.
Related: Crypto Sell-Off Deepens as Bitcoin Briefly Dips Below $84K

Concerns Over Longstanding Bridge Weaknesses

The attack has drawn comparisons to the 2022 Nomad bridge incident, where flawed validation logic enabled widespread fund withdrawals. Security researcher Taylor Monahan noted that the same category of weakness continues to resurface in cross-chain systems.

CrossCurve, formerly known as EYWA Protocol, operates a cross-chain decentralised exchange and consensus bridge developed in partnership with Curve Finance. The protocol routes transactions through several independent validation layers, including Axelar, LayerZero and the EYWA Oracle Network, in an effort to reduce single points of failure.

Despite these safeguards, Curve Finance advised users with exposure to EYWA-related pools to reassess their positions and consider removing votes. The platform reiterated the importance of exercising caution when interacting with third-party protocols.

Related: SEC Chair Walks Back Timeline on Sweeping Crypto Exemptions After Wall Street Pushback

The post CrossCurve Bridge Drained in US$3M Smart Contract Exploit Across Multiple Chains appeared first on Crypto News Australia.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.