CrossCurve Bridge Dr...

CrossCurve Bridge Drained in US$3M Smart Contract Exploit Across Multiple Chains

By Rachel Lourdesamy February 02, 2026 In Blockchain, CrossCurve

Laptop screen displaying red code and a warning triangle with an exclamation mark, suggesting a cybersecurity alert or malware breach; blurred bokeh lights in the background. — Source:AdobeStock

CrossCurve confirmed an active bridge exploit enabling roughly US$3 million in unauthorised token unlocks.
A validation bypass allowed spoofed cross-chain messages to drain funds from the PortalV2 contract.
The incident drew comparisons to the Nomad hack and prompted warnings from Curve Finance.

Cross-chain liquidity protocol CrossCurve has confirmed its bridge infrastructure is under active attack following the exploitation of a smart contract vulnerability that enabled unauthorised token unlocks worth approximately US$3 million (AU$4.32 million).CrossCurve disclosed the incident on Sunday, warning users to immediately halt all interactions with the platform while investigations continue.

⚠️ URGENT Security Notice

Dear users,

Our bridge is currently under attack, involving the exploitation of a vulnerability in one of the smart contracts used.

Please pause all interactions with CrossCurve while the investigation is ongoing.

We appreciate your patience and… pic.twitter.com/yfo1KvWoDd
— CrossCurve (@crosscurvefi) February 1, 2026

Blockchain security firm-linked account Defimon Alerts attributed the exploit to a validation flaw within CrossCurve’s ReceiverAxelar contract. The vulnerability allowed attackers to submit fabricated cross-chain messages via the expressExecute function, bypassing gateway checks designed to authenticate transactions. This bypass triggered unauthorised token releases from the protocol’s PortalV2 contract without proper verification.

On-chain data shared by Defimon Alerts shows the PortalV2 contract balance falling from roughly US$3 million (AU$4.32 million) to nearly zero on 31 January. The exploit appears to have affected multiple blockchain networks connected to CrossCurve’s bridge infrastructure.

Related: Crypto Sell-Off Deepens as Bitcoin Briefly Dips Below $84K

Concerns Over Longstanding Bridge Weaknesses

The attack has drawn comparisons to the 2022 Nomad bridge incident, where flawed validation logic enabled widespread fund withdrawals. Security researcher Taylor Monahan noted that the same category of weakness continues to resurface in cross-chain systems.

CrossCurve, formerly known as EYWA Protocol, operates a cross-chain decentralised exchange and consensus bridge developed in partnership with Curve Finance. The protocol routes transactions through several independent validation layers, including Axelar, LayerZero and the EYWA Oracle Network, in an effort to reduce single points of failure.

Despite these safeguards, Curve Finance advised users with exposure to EYWA-related pools to reassess their positions and consider removing votes. The platform reiterated the importance of exercising caution when interacting with third-party protocols.

Author

Rachel Lourdesamy

Rachel is a freelance writer based in Sydney with experience within financial services, marketing, and corporate communications in the APAC region. An avid reader and a graduate of the University of Sydney, she covers topics including business, finance and human interest.