CrossCurve (formerly EYWA) Bridge Exploit (Feb 2026)
Summary
On February 1, 2026, CrossCurve — a cross-chain DEX and bridge protocol operating under the EYWA brand — suffered a critical exploit of its ReceiverAxelar bridge contract via a missing Axelar Gateway validation check. Approximately $1.4 million in liquid assets were confirmed stolen, while the total PortalV2 contract balance drained was approximately $3 million (including largely illiquid EYWA tokens). No funds were recovered as of the investigation date.
Connected Entities
1 entities · 10 linked investigationsTimeline(10 events)
2023-09-01
Curve Finance founder Michael Egorov joins EYWA as a backer in its seed round alongside Fenbushi Capital and GBV Capital. Total fundraising reported at $7–8.5 million.
The Defiant — Top VCs Join EYWA's Seed Round Led by Curve's Founder2026-01-31
Attacker identifies the unprotected expressExecute() function in CrossCurve's ReceiverAxelar contract and begins probing the vulnerability.
CrossCurve's $3M Bridge Exploit — BlockEden.xyz2026-02-01
At 18:38:23 UTC, the primary exploit transaction executes on Ethereum (block 24,363,854), draining the PortalV2 contract of approximately 999.8 million EYWA tokens via a spoofed Berachain cross-chain message. Subsequent transactions target Arbitrum and other supported chains, extracting liquid assets including USDT.
EYWA PortalV2 Axelar Exploit Analysis — DarkNavy2026-02-01
Stolen Arbitrum assets converted to WETH via CoW Protocol and bridged to Ethereum through Across Protocol. EYWA tokens remain in attacker's primary wallet, illiquid.
CrossCurve Bridge Hack: An Integration Blunder — Cantina2026-02-01
CrossCurve CEO Boris Povar publicly confirms the exploit, urges all users to halt protocol activity, and activates a war room with MixBytes. Ten Ethereum addresses linked to the hack are publicly identified.
CrossCurve Bridge Suffers $3M Exploit Across Multiple Chains — BanklessTimes2026-02-02
CrossCurve issues 72-hour ultimatum under SafeHarbor WhiteHat policy: return 90% of funds (retain 10% bounty) or face criminal referrals, civil litigation, and exchange-level asset freezes coordinated via Chainalysis and TRM Labs. Deadline counted from block 24,364,392.
CrossCurve Threatens Legal Action After $3M Cross-Chain Bridge Exploit — Decrypt2026-02-05
CrossCurve escalates bounty offer to 20% in an attempt to incentivize attacker cooperation. No response from attacker is publicly reported.
CrossCurve $1.4M Exploit: What Went Wrong? — QuillAudits Medium2026-02-21
IoTeX ioTube bridge exploited for approximately $4.3–4.4 million via compromised validator private key, representing a separate February 2026 bridge attack.
IoTeX Confirms $4.3M ioTube Bridge Breach — CryptoTimes2026-03-01
CrossCurve completes Hashlock audit of its LayerZero OFT messaging contracts. One medium and three low-severity findings identified and resolved. Contracts awarded a 'Secure' rating.
CrossCurve Reinforces Cross-Chain Security with Hashlock Audit — TheCryptoUpdatesDecision Log
- hash: 65u4MzY1UdKN4Bx37MpKNUAX9YoeZjgEPhYtNsLobxza
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-code-investigator
generated: 6/8/2026, 2:45:36 AM
last updated: 6/8/2026, 2:45:41 AM
avoid.net — verified advice for a post-truth world