Business Sandesh Indian Newspaper | Articles | Opinion Pieces | Research Studies | Findings & News | Sandesh News
CrossCurve, a cross-chain liquidity protocol (formerly known as EYWA), confirmed a smart contract exploit on its bridge infrastructure late February 1 into February 2, 2026, resulting in approximately $3 million in losses across multiple blockchain networks.
The protocol announced via X that its bridge was “under attack” due to a vulnerability in one of its smart contracts—specifically the ReceiverAxelar contract—which allowed attackers to spoof cross-chain messages, bypass gateway validation, and trigger unauthorized token unlocks on the PortalV2 liquidity pool contract (per reports from Defimon Alerts/Decurity, The Block, CCN, CryptoNews, and others). The breach affected operations across several chains, though exact networks beyond general multi-chain mentions (e.g., Ethereum and potentially others like Polygon or BSC in broader DeFi contexts) were not always specified in initial disclosures; losses stemmed from drained liquidity pools and wrongfully transferred funds.
CrossCurve urged users to immediately pause all interactions while an investigation proceeds. The team identified about 10 Ethereum addresses linked to the stolen funds and threatened potential criminal and civil legal action. Additionally, the CEO offered a white-hat bounty of up to 10% for the return of funds within 72 hours.
Security researchers described the incident as a classic cross-chain messaging flaw, underscoring persistent risks in multi-chain DeFi bridges—where validation gaps can enable rapid, hard-to-contain drains. While the $3 million loss is modest relative to larger 2025–2026 hacks, it rekindles concerns over bridge security, which has historically accounted for significant portions of DeFi thefts.
The protocol plans full audits, enhanced safeguards, and mitigations like freezing affected components. Users are advised to monitor positions, withdraw where feasible, and await updates. The exploit contributes to 2026’s growing list of DeFi incidents, emphasizing the need for rigorous audits, real-time monitoring, and robust code reviews in decentralized finance—where yield potential comes with elevated operational and smart contract risks compared to traditional systems.
