On February 1, the team behind the cross-chain liquidity protocol CrossCurve reported a security breach.
⚠️ URGENT Security Notice
Dear users,
Our bridge is currently under attack, involving the exploitation of a vulnerability in one of the smart contracts used.
Please pause all interactions with CrossCurve while the investigation is ongoing.
We appreciate your patience and… pic.twitter.com/yfo1KvWoDd
— CrossCurve (@crosscurvefi) February 1, 2026
“Our bridge is under attack, involving the exploitation of a vulnerability in one of the smart contracts. Please refrain from interacting with CrossCurve while we investigate the incident,” the developers wrote.
Security experts from Defimon Alerts discovered that hackers bypassed the gateway verification in a smart contract named ReceiverAxelar.
CrossCurve @crosscurvefi (ex https://t.co/4HJ33uOZUS) has been exploited for around 3 million on several networks.
Anyone could call expressExecute on ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2.… pic.twitter.com/EfYe3Tfo9v
— Defimon Alerts (@DefimonAlerts) February 1, 2026
The attackers invoked the expressExecute function by sending spoofed cross-chain messages. This allowed them to bypass validation and unauthorizedly unlock tokens in the PortalV2 contract.
According to Arkham Intelligence, the pool’s balance plummeted from $3 million to nearly zero.
CrossCurve (formerly EYWA Protocol) is a cross-chain DEX and bridge developed in collaboration with Curve Finance. Its architecture is based on the Consensus Bridge mechanism, which distributes transaction verification risks among independent protocols: Axelar, LayerZero, and its own network of oracles EYWA.
The project has frequently touted this approach as a key advantage, claiming that “the likelihood of multiple cross-chain protocols being hacked simultaneously is close to zero.”
In September 2023, Curve Finance founder Michael Egorov became an investor in the platform. Later, the project secured $7 million in venture funding.
The Curve Finance team commented on the breach by issuing a warning to users.
In light of the recent security incident involving https://t.co/3Wv3pEhCu8 (== CrossCurve):
Users who have allocated votes to Eywa-related pools may wish to review their positions and consider removing those votes. We continue to encourage all participants to remain vigilant and… https://t.co/chd5YBOXhr
— Curve Finance (@CurveFinance) February 1, 2026
“Those who have delegated votes to EYWA-related pools should assess their positions and consider withdrawing those votes,” the developers noted.
Earlier in January, hackers targeted several decentralized projects: the L1 network Saga, the Ethereum verification protocol Truebit, and the DeFi platform Makina Finance.
Previously, Immunefi CEO Mitchell Amador stated that nearly 80% of crypto platforms cease to exist after major attacks.