CrossCurve Bridge Hit by $3M Exploit as Message Spoofing Strikes Again

The cross-chain bridge CrossCurve, formerly known as EYWA, confirmed it was actively under attack after a security exploit drained roughly $3 million in user assets.

The incident quickly drew comparisons to earlier bridge failures, underscoring how long-standing vulnerabilities in cross-chain messaging continue to resurface across the ecosystem.

The exploit unfolded over January 31 and February 1, triggering immediate concern among users and security researchers as funds were siphoned from the protocol’s core contracts across multiple connected networks.

How the Exploit Worked

According to early technical breakdowns, the attack relied on a message spoofing flaw similar in structure to the 2022 Nomad bridge incident.

At the center of the issue was a missing validation check in CrossCurve’s smart contracts, which left a critical execution path insufficiently protected.

Attackers were able to invoke the expressExecute function using spoofed cross-chain messages. By doing so, they effectively bypassed the protocol’s intended gateway verification logic and triggered unauthorized executions directly within the PortalV2 contract. This flaw allowed token unlocks to occur without legitimate cross-chain authorization, giving attackers direct access to protocol-held assets.

The mechanism did not require sophisticated key compromises or oracle manipulation. Instead, it exploited a logic gap in message verification, a category of vulnerability that has repeatedly plagued cross-chain infrastructure.

Impact Across the Protocol

On-chain data from Arkham Intelligence showed the PortalV2 contract balance falling from approximately $3 million to near zero during the attack window. The rapid depletion suggested a largely unimpeded exploit path once the vulnerability was discovered.

The impact was not confined to a single chain. Because CrossCurve connects multiple networks, the exploit appeared to affect assets spanning several ecosystems, amplifying the overall damage and complicating containment efforts.

CrossCurve is backed by Michael Egorov, founder of Curve Finance, and had previously raised $7 million to develop its consensus-based bridging mechanism. The incident therefore carries broader reputational implications beyond the immediate financial loss.

Security Community Reaction

The exploit prompted renewed frustration among security researchers. Taylor Monahan highlighted that message spoofing vulnerabilities remain a recurring failure mode in cross-chain systems, despite years of high-profile lessons from earlier bridge hacks.

The underlying issue, as experts note, is structural. Cross-chain protocols rely heavily on correct message validation across heterogeneous environments, making even small logic oversights potentially catastrophic. The CrossCurve incident reinforces how unforgiving this design space remains.

Takeaway

The CrossCurve exploit is less about a novel attack vector and more about a familiar one reappearing under a new name. Missing validation checks and spoofed messages continue to represent systemic risks for cross-chain bridges, regardless of funding, backing, or architectural ambition. Until message verification is treated as a zero-tolerance surface, similar incidents are likely to remain a recurring feature of cross-chain infrastructure rather than a solved problem.

The post CrossCurve Bridge Hit by $3M Exploit as Message Spoofing Strikes Again appeared first on ETHNews.