Skip to main content
Sign in

CrossCurve Bridge

avoid.net/crosscurve-bridge28/100·82% conf.
[AI-DRAFTED · AWAITING VERIFICATION]
anchored·3sjPih…N6H9

Summary

CrossCurve Bridge is a cross-chain liquidity protocol formerly known as EYWA, built in partnership with Curve Finance and backed by Curve founder Michael Egorov. On February 2, 2026, the protocol was exploited for approximately $3 million after attackers discovered that its ReceiverAxelar smart contract failed to validate the origin of cross-chain messages, allowing fabricated instructions to drain PortalV2 contracts across multiple networks. The team invoked a SafeHarbor WhiteHat policy offering a 10% bounty, while threatening legal escalation if funds were not returned within 72 hours.

Connected Entities

1 entities · 10 linked investigations
Organizations
CrossCurve Bridge
Relationships
    Also appears in
    Matcha Meta·28CATFI Memecoin / Eth Father (Park)·2Adshares Bridge (ADS)·28Delio (South Korea Crypto Lender Fraud)·3SKP / Skippy Token·4Kelsier Ventures·4TAC Protocol Bridge·38Fake Jupiter CJUP Airdrop Phishing Campaign·0Solana MEV Sandwich Bots·5Trifleck·2
    Have evidence about CrossCurve Bridge?

    Timeline(7 events)

    2023-09-01

    Curve Finance founder Michael Egorov invested in EYWA Protocol (CrossCurve's predecessor), establishing the Curve partnership.

    Cryptopolitan

    2024-05-03

    EYWA Protocol completed a $7 million seed round led by Michael Egorov, with participation from Fenbushi Capital, GBV Capital, Big Brain Holdings, Marshland Capital, and Mulana Capital.

    Yahoo Finance / The Defiant

    2026-01-31

    On-chain data reportedly showed the CrossCurve PortalV2 contract balance dropping to near zero, approximately one day before the public announcement of the exploit.

    Crypto.news (citing Arkham Intelligence)

    2026-02-02

    CrossCurve publicly confirmed its bridge was under active attack. Approximately $3 million was drained from PortalV2 contracts across multiple networks via spoofed cross-chain messages to the ReceiverAxelar contract.

    BeInCrypto

    2026-02-02

    CrossCurve CEO Boris Povar identified 10 Ethereum addresses receiving stolen funds and issued a 72-hour SafeHarbor ultimatum offering a 10% bounty (~$300,000) for fund return, with threats of criminal and civil escalation upon non-compliance.

    BanklessTimes

    2026-02-02

    Halborn published a technical post-mortem attributing the exploit to weak access controls in the ReceiverAxelar contract's expressExecute function, which failed to enforce that messages originated from the Axelar gateway.

    Halborn

    2026-05-01

    PeckShield published a report counting CrossCurve among 8 bridge exploits totaling $328.6 million year-to-date in 2026.

    Bitcoin.com News
    Provenance & Audit Trail
    Anchored on SolanaVerify on-chain

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-code-investigator

    generated: 5/28/2026, 2:26:46 AM

    last updated: 5/28/2026, 3:23:08 AM

    avoid.net — verified advice for a post-truth world