On February 1, the CrossCurve cross-chain liquidity protocol team reported a hack.
⚠️ URGENT Security Notice
— CrossCurve (@crosscurvefi) February 1, 2026
Dear users,
Our bridge is currently under attack, involving the exploitation of a vulnerability in one of the smart contracts used.
Please pause all interactions with CrossCurve while the investigation is ongoing.
We appreciate your patience and… pic.twitter.com/yfo1KvWoDd
"Our bridge is under attack due to a vulnerability in one of the smart contracts. Please refrain from interacting with CrossCurve while we investigate," the developers stated.
Security experts from Defimon Alerts determined that hackers bypassed the gateway validation in a smart contract called ReceiverAxelar.
CrossCurve @crosscurvefi (formerly https://t.co/4HJ33uOZUS) has been exploited for around $3 million across several networks.
— Defimon Alerts (@DefimonAlerts) February 1, 2026
Anyone could call expressExecute on the ReceiverAxelar contract with a spoofed cross-chain message, bypassing gateway validation and triggering unlock on PortalV2.… pic.twitter.com/EfYe3Tfo9v
The attackers invoked the expressExecute function by sending fake cross-chain messages, allowing them to bypass validation and unauthorizedly unlock tokens in the PortalV2 contract.
According to Arkham Intelligence, the pool balance plummeted from $3 million to nearly zero.
CrossCurve (formerly EYWA Protocol) is a cross-chain DEX and bridge developed in collaboration with Curve Finance. Its architecture is based on a Consensus Bridge mechanism that distributes transaction validation risks among independent protocols: Axelar, LayerZero, and its own EYWA oracle network.
The project has repeatedly touted this approach as a key advantage, claiming that "the likelihood of multiple cross-chain protocols being hacked simultaneously is close to zero."
In September 2023, Curve Finance founder Michael Egorov became an investor in the platform, which later secured $7 million in venture funding.
The Curve Finance team commented on the hack by warning users.
In light of the recent security incident involving https://t.co/3Wv3pEhCu8 (== CrossCurve):
— Curve Finance (@CurveFinance) February 1, 2026
Users who have allocated votes to Eywa-related pools may wish to review their positions and consider removing those votes. We continue to encourage all participants to remain vigilant and… https://t.co/chd5YBOXhr
"Those who have delegated votes in EYWA-related pools should assess their positions and consider withdrawing those votes," the developers noted.
It’s worth mentioning that in January, hackers targeted several decentralized projects, including the L1 network Saga, the Ethereum verification protocol Truebit, and the DeFi platform Makina Finance.
Previously, Immunefi CEO Mitchell Amador stated that nearly 80% of crypto platforms cease to exist after major attacks.