CrossCurve Loses $3 Million in Major Attack: Smart Contract Vulnerability Exploited!

CrossCurve's bridge vulnerability has led to a $3 million loss, prompting urgent security measures.

Fridah Kangai
February 3, 2026
12:07 pm

Fridah Kangai

Fridah Kangai is a dedicated crypto journalist with a sharp eye for market trends, blockchain innovation, and digital asset movements. She specializes in breaking down complex topics into clear, engaging stories for both seasoned investors and curious newcomers. With a passion for decentralization and a pulse on the ever-evolving crypto space, Fridah delivers timely, accurate, and insightful coverage. Her work bridges the gap between technology and everyday understanding in the world of cryptocurrency.

CrossCurve bridge vulnerability leads to a $3 million loss.
Blockchain security experts highlight similarities to Nomad’s 2022 breach.
CrossCurve pauses interactions while investigating the smart contract exploit.

CrossCurve, a cross-chain liquidity protocol, has confirmed a significant attack on its infrastructure. The attack was aimed at a vulnerability in its smart contracts and resulted in a loss of about $3 million in numerous blockchain networks.

Vulnerability Identified in ReceiverAxelar Contract

The hack detected by blockchain security company Defimon Alerts was due to the vulnerability in the ReceiverAxelar contract. This flaw enabled attackers to bypass the gateway validation process and cause unauthorized token unlocks to take place on the PortalV2 contract of the protocol.

Consequently, the CrossCurve team has sounded an urgent warning to the users to cease their interaction with the platform until the investigation is completed. The team announced on X that their bridge is under attack and they are trying to evaluate the damage and eliminate additional risks.

⚠️ URGENT Security Notice

Dear users,

Our bridge is currently under attack, involving the exploitation of a vulnerability in one of the smart contracts used.

Please pause all interactions with CrossCurve while the investigation is ongoing.

We appreciate your patience and… pic.twitter.com/yfo1KvWoDd
— CrossCurve (@crosscurvefi) February 1, 2026

Also Read: OpenAI’s Push for a Human-Only Social Network Aims to Tackle the Bot Crisis

Blockchain specialists were promptly compared to the notorious Nomad bridge breach of 2022, in which the same vulnerability resulted in the emptying of $190 million. Respected security expert Taylor Monahan had his say and was disheartened by the fact that such attacks continue, which is an example of a stark reminder of the dangers to blockchain infrastructure.

Although CrossCurve is concerned with secure bridging mechanisms, the attack revealed a lot of vulnerabilities in its system. This exploit was not prevented by the Consensus Bridge mechanism of the project, which was to send transactions through various independent validation protocols such as Axelar, LayerZero, and its own EYWA Oracle Network.

The hack underscores the constant threats of decentralized finance (DeFi) and its necessity to remain alert all the time. CrossCurve, once admired in terms of the partnership and security, now has to answer some tough questions related to the stability of its multi-chain system. The compromised $3 million highlights the insecurity of the most sophisticated DeFi-based mechanisms.

CrossCurve’s Response and Future Security Measures

The CrossCurve team is currently investigating the breach and making their systems secure in the wake of the attack. To their users who entered into EYWA-affiliated pools, they have urged them to check their stands and implement security measures.

The incident is a bitter lesson that, despite the rapid development of the world of DeFi, the security challenges are still there. Even more advanced cross-chain systems cannot be attacked, and the developers and users should reconsider their security in the future.

Also Read: CFTC and SEC Launch ‘Project Crypto’ to Update Digital Asset Rules Amid Legislation