CrossCurve, a cross-chain bridge formerly known as EYWA, has suffered a major cyberattack after hackers exploited a vulnerability in its smart contract infrastructure, draining about $3 million across multiple blockchain networks.
The CrossCurve team confirmed the incident on Sunday, saying its bridge infrastructure was under active attack and urging users to immediately stop interacting with the protocol.
“Our bridge is currently under attack, involving the exploitation of a vulnerability in one of the smart contracts used,” CrossCurve said in a post on X.
“Please pause all interactions with CrossCurve while the investigation is ongoing.”
Blockchain security account Defimon Alerts said the exploit stemmed from a gateway validation bypass in CrossCurve’s ReceiverAxelar contract. According to the analysis, the contract was missing a critical validation check, allowing attackers to call the expressExecute function using spoofed cross-chain messages.
By abusing this flaw, the attackers were able to bypass the intended gateway validation logic and trigger unauthorized token unlocks on the PortalV2 contract, resulting in the loss of funds. The exploit affected CrossCurve deployments across several blockchain networks.
Data from Arkham Intelligence, shared by Defimon Alerts, shows that the PortalV2 contract balance fell from roughly $3 million to nearly zero around Jan. 31. Transaction records indicate the attack unfolded across multiple chains
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: