As detailed in The Cyber Express, the decentralized finance protocol CrossCurve, formerly known as EYWA, has experienced a significant cyberattack. Attackers successfully exploited a vulnerability within its smart contract infrastructure, leading to the draining of approximately $3 million across several blockchain networks.The incident occurred when attackers leveraged a flaw in CrossCurve's ReceiverAxelar contract, which lacked a crucial validation check. This allowed them to bypass gateway validation and execute an unauthorized expressExecute function with spoofed cross-chain messages. The exploit triggered unauthorized token unlocks on the PortalV2 contract, resulting in the loss of funds. Security analysis indicates the attack unfolded across multiple chains, not just one. The PortalV2 contract's balance reportedly dropped from around $3 million to near zero on January 31. CrossCurve, which utilizes a multi-validation bridge system involving Axelar, LayerZero, and its own EYWA Oracle Network, had previously highlighted its architecture as a security strength.This attack on CrossCurve, which received early support from prominent figures like Curve Finance founder Michael Egorov, raises renewed concerns about the security of cross-chain bridges. Despite layered validation systems, a single smart contract vulnerability proved sufficient to compromise the protocol. The incident echoes past bridge hacks, such as the 2022 Nomad bridge exploit, underscoring the persistent risks in cross-chain communication and the need for enhanced security audits and user vigilance in the decentralized finance space.Source: The Cyber Express
Threat Management, Vulnerability Management
CrossCurve bridge loses $3 million in smart contract exploit

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



