Haciyev Reşit 
As attacks targeting cross-chain infrastructures in the cryptocurrency market continue to increase recently, the CrossCurve protocol has officially confirmed that its cross-chain bridge is under an active attack. According to a statement by the project team, a security vulnerability identified in the smart contracts was exploited by attackers. As a result of this exploit, approximately $3 million worth of crypto assets across multiple blockchain networks were unauthorizedly seized and withdrawn from the protocol. The incident has once again highlighted that security risks remain high due to the complex nature of cross-chain bridges, quickly causing concern among users and investors.
Official Statement from CrossCurve
In an announcement shared on the X platform on Sunday, the CrossCurve team stated that a critical security vulnerability had been detected in one of the smart contracts used in the bridge infrastructure. Project officials confirmed that the vulnerability was exploited by attackers and noted that a detailed investigation has been launched to determine the full scope of the incident. The statement urged users to immediately halt all interactions with CrossCurve until the security review is completed.
“Our bridge is currently under attack. A vulnerability in one of the smart contracts has been exploited. Please stop interacting with CrossCurve until the investigation is complete.”
How Did the Attack Occur?
Blockchain security platform Defimon Alerts explained that the attack stemmed from a missing validation check in the ReceiverAxelar contract. According to the analysis, attackers were able to create fake cross-chain messages and call the expressExecute function, bypassing gateway validation. This led to unauthorized token releases from the protocol’s PortalV2 contract. Data from Arkham Intelligence shows that the PortalV2 contract balance dropped from approximately $3 million to nearly zero after the attack.
Experts note that this vulnerability bears similarities to the Nomad bridge exploit in 2022, which resulted in losses of around $190 million. Security expert Taylor Monahan emphasized after the incident that fundamental risks in cross-chain verification mechanisms still remain unresolved.
Protocol and Investor Support
CrossCurve, formerly known as EYWA, stands out as a cross-chain liquidity and settlement protocol developed in collaboration with Curve Finance. While aiming to enable secure and efficient cross-chain transfers within the decentralized finance ecosystem, the project is also supported by Curve Finance founder Michael Egorov. To date, CrossCurve has raised a total of $7 million across various funding rounds, attracting attention with its strong investor backing.
The protocol infrastructure integrates multiple validation and messaging systems such as Axelar and LayerZero to avoid reliance on a single validator for cross-chain transactions. Although this structure theoretically aims to enhance security, the recent attack reveals that cross-chain architectures still carry significant risks.
Assessment
The CrossCurve attack has once again demonstrated that cross-chain bridges continue to pose high security risks. This incident shows that users should consider not only yield and speed, but also smart contract risks and security architecture when interacting with bridge protocols. Especially in multi-chain infrastructures, even a small validation error has been proven once again to be capable of causing serious losses.
Also, you can freely share your thoughts and comments about the topic in the comment section. Additionally, please follow us on our Telegram, YouTube and Twitter channels for the latest news and updates.