CrossCurve Bridge Exploited for $3M in Message‑Spoofing Attack
CrossCurve (formerly EYWA) says roughly $3 million was drained after attackers spoofed cross‑chain messages to exploit a smart‑contract validation flaw [1][3].
CrossCurve confirmed its cross‑chain bridge was actively under attack after an exploit drained roughly $3 million in user assets across multiple connected networks on January 31–February 1, 2026 [1][2].
Security analysis attributes the breach to a ReceiverAxelar contract that lacked validation checks, which allowed attackers to spoof messages and withdraw funds from PortalV2; observers compared the flaw to past bridge failures such as Nomad in 2022 [3][1].
Protocol maintainers paused protocol interactions following the incident, and the exploit prompted immediate scrutiny of CrossCurve — a project tied to Michael Egorov — as markets and users reacted to the announcement [5][2].
The incident highlights recurring vulnerabilities in cross‑chain messaging infrastructure and is under further investigation as teams work to contain the breach and assess asset impact [1][3].
CrossCurve’s report and subsequent analysis reinforce long‑standing concerns about the security of cross‑chain bridges; investigators and the protocol team continue to evaluate the scope and implications of the $3 million loss [1][3].
Anonymous signal used only for weekly cluster rankings. No public counters.
Share
Broadcast this coverage
Copy-ready links for the networks your audience checks first.
Support independent reporting
If this summary helped, a small tip helps keep ClusterWire running.
Privacy note: we log tip UI events (page + action, and article slug when applicable) to improve the feature. We don’t store IP address, user-agent, or wallet addresses in analytics. Tips are on-chain, so the sending address is public in the transaction.
Citations
Follow the primary reporting behind this analysis. Click a citation to open the referenced source in a new tab.
- 1CrossCurve Bridge Hit by $3M Exploit as Message Spoofing Strikes AgainETHNews• Feb 2, 2026
- 2Crypto protocol CrossCurve suffers $3M exploitCryptopolitan• Feb 2, 2026
- 3CrossCurve Bridge Exploited for $3 Million Through Smart Contract Validation FlawBlockonomi• Feb 1, 2026
- 5CrossCurve Bridge Exploit Drains $3 Million FundsNFTenex• Feb 2, 2026
Themes
Themes driving this story
Curated from the cluster of sources powering this article.