{"id":93794,"date":"2026-02-02T09:47:34","date_gmt":"2026-02-02T06:47:34","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=93794"},"modified":"2026-02-03T11:28:36","modified_gmt":"2026-02-03T08:28:36","slug":"crosscurve-bridge-hacked-for-3-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/crosscurve-bridge-hacked-for-3-million\/","title":{"rendered":"CrossCurve Bridge Hacked for $3 Million"},"content":{"rendered":"<p>On February 1, the team behind the <a href=\"https:\/\/forklog.com\/en\/news\/what-are-cross-chain-bridges\">cross-chain<\/a> liquidity protocol CrossCurve reported a security breach.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\u26a0\ufe0f URGENT Security Notice<\/p>\n<p>Dear users,<\/p>\n<p>Our bridge is currently under attack, involving the exploitation of a vulnerability in one of the smart contracts used.<\/p>\n<p>Please pause all interactions with CrossCurve while the investigation is ongoing.<\/p>\n<p>We appreciate your patience and\u2026 <a href=\"https:\/\/t.co\/yfo1KvWoDd\">pic.twitter.com\/yfo1KvWoDd<\/a><\/p>\n<p>\u2014 CrossCurve (@crosscurvefi) <a href=\"https:\/\/twitter.com\/crosscurvefi\/status\/2018063302199488687?ref_src=twsrc%5Etfw\">February 1, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cOur bridge is under attack, involving the exploitation of a vulnerability in one of the smart contracts. Please refrain from interacting with CrossCurve while we investigate the incident,\u201d the developers wrote.<\/em><\/p>\n<\/blockquote>\n<p>Security experts from Defimon Alerts discovered that hackers bypassed the gateway verification in a smart contract named ReceiverAxelar.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">CrossCurve <a href=\"https:\/\/twitter.com\/crosscurvefi?ref_src=twsrc%5Etfw\">@crosscurvefi<\/a> (ex <a href=\"https:\/\/t.co\/4HJ33uOZUS\">https:\/\/t.co\/4HJ33uOZUS<\/a>) has been exploited for around 3 million on several networks.<\/p>\n<p>Anyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2.\u2026 <a href=\"https:\/\/t.co\/EfYe3Tfo9v\">pic.twitter.com\/EfYe3Tfo9v<\/a><\/p>\n<p>\u2014 Defimon Alerts (@DefimonAlerts) <a href=\"https:\/\/twitter.com\/DefimonAlerts\/status\/2018055069762240741?ref_src=twsrc%5Etfw\">February 1, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The attackers invoked the expressExecute function by sending spoofed cross-chain messages. This allowed them to bypass validation and unauthorizedly unlock tokens in the PortalV2 contract.<\/p>\n<p>According to Arkham Intelligence, the pool&#8217;s balance plummeted from $3 million to nearly zero.<\/p>\n<p>CrossCurve (formerly EYWA Protocol) is a cross-chain <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-decentralised-exchange-dex\">DEX<\/a> and bridge developed in collaboration with Curve Finance. Its architecture is based on the Consensus Bridge mechanism, which distributes transaction verification risks among independent protocols: Axelar, LayerZero, and its own network of <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-blockchain-oracle\">oracles<\/a> EYWA.<\/p>\n<p>The project has frequently touted this approach as a key advantage, <a href=\"https:\/\/crosscurve.medium.com\/crosscurve-a-deep-dive-into-crosschain-liquidity-d90486e1fa70\">claiming<\/a> that \u201cthe likelihood of multiple cross-chain protocols being hacked simultaneously is close to zero.\u201d<\/p>\n<p>In September 2023, Curve Finance founder Michael Egorov <a href=\"https:\/\/crosscurve.medium.com\/eywa-roadmap-main-events-f2531152f611\">became<\/a> an investor in the platform. Later, the project <a href=\"https:\/\/finance.yahoo.com\/news\/top-vcs-join-eywas-seed-213000700.html\">secured<\/a> $7 million in venture funding.<\/p>\n<p>The Curve Finance team commented on the breach by issuing a warning to users.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">In light of the recent security incident involving <a href=\"https:\/\/t.co\/3Wv3pEhCu8\">https:\/\/t.co\/3Wv3pEhCu8<\/a> (== CrossCurve):<\/p>\n<p>Users who have allocated votes to Eywa-related pools may wish to review their positions and consider removing those votes. We continue to encourage all participants to remain vigilant and\u2026 <a href=\"https:\/\/t.co\/chd5YBOXhr\">https:\/\/t.co\/chd5YBOXhr<\/a><\/p>\n<p>\u2014 Curve Finance (@CurveFinance) <a href=\"https:\/\/twitter.com\/CurveFinance\/status\/2018072427213767109?ref_src=twsrc%5Etfw\">February 1, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cThose who have delegated votes to EYWA-related pools should assess their positions and consider withdrawing those votes,\u201d the developers noted.<\/em><\/p>\n<\/blockquote>\n<p>Earlier in January, hackers targeted several decentralized projects: the L1 network <a href=\"https:\/\/forklog.com\/en\/news\/saga-blockchain-hacked-7-million-stolen-stablecoins-depegged\">Saga<\/a>, the Ethereum verification protocol <a href=\"https:\/\/forklog.com\/en\/news\/truebit-token-plummets-after-26-million-hack\">Truebit<\/a>, and the DeFi platform <a href=\"https:\/\/forklog.com\/en\/news\/makina-finance-defi-protocol-breached-for-5-million\">Makina Finance<\/a>.<\/p>\n<p>Previously, Immunefi CEO Mitchell Amador <a href=\"https:\/\/forklog.com\/en\/news\/major-hacks-spell-doom-for-80-of-crypto-protocols-experts-say\">stated<\/a> that nearly 80% of crypto platforms cease to exist after major attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On February 1, the team behind the cross-chain liquidity protocol CrossCurve reported a security breach.<\/p>\n","protected":false},"author":1,"featured_media":93795,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"CrossCurve bridge hacked for $3 million; attackers exploited smart contract vulnerability.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1426,44,1093],"class_list":["post-93794","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-curve-crv","tag-cybercrime","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"236","promo_type":"1","layout_type":"1","short_excerpt":"CrossCurve bridge hacked for $3 million; attackers exploited smart contract vulnerability.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=93794"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93794\/revisions"}],"predecessor-version":[{"id":93796,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93794\/revisions\/93796"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/93795"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=93794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=93794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=93794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}