• CrossCurve confirmed an active bridge exploit enabling roughly US$3 million in unauthorised token unlocks.
• A validation bypass allowed spoofed cross-chain messages to empty funds from the PortalV2 contract.
• The incident drew comparisons to the Nomad hack and prompted warnings from Curve Finance.

Cross-chain liquidity protocol CrossCurve has confirmed its bridge infrastructure is under active attack following the exploitation of a smart contract vulnerability that enabled unauthorised token unlocks worth roughly US$3 million (AU$4.32 million). CrossCurve disclosed the incident on Sunday, warning users to immediately halt all interactions with the platform while investigations proceed.

Blockchain security firm-linked account Defimon Alerts attributed the exploit to a validation flaw inside CrossCurve’s ReceiverAxelar contract. The vulnerability allowed attackers to submit fabricated cross-chain messages through the expressExecute function, bypassing gateway checks designed to authenticate transactions. This bypass triggered unauthorised token releases from the protocol’s PortalV2 contract without proper verification.
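The class of flaw described above can be modelled in a few lines. The following is an added illustration, not CrossCurve's or Axelar's code: the class and method names, the message fields and the sample values are all assumptions made for the model, which contrasts a receiver whose fast path skips the gateway check with one where every entry point shares it.

```python
class Gateway:
    """Constructed stand-in for the gateway: tracks validator-approved messages."""
    def __init__(self):
        self._approved = set()

    def approve(self, *msg):
        self._approved.add(msg)

    def validate(self, *msg):
        # Consume an approval once; unknown or replayed messages fail.
        if msg not in self._approved:
            return False
        self._approved.discard(msg)
        return True

class Portal:
    def __init__(self, balance):
        self.balance = balance  # locked funds

    def unlock(self, amount):
        self.balance -= min(amount, self.balance)  # trusts whoever calls it

class VulnerableReceiver:
    def __init__(self, gateway, portal):
        self.gateway, self.portal = gateway, portal

    def execute(self, command_id, chain, sender, payload):
        if not self.gateway.validate(command_id, chain, sender, payload):
            raise PermissionError("message not approved by gateway")
        self.portal.unlock(int.from_bytes(payload, "big"))

    def express_execute(self, command_id, chain, sender, payload):
        # Modelled flaw: this path reaches unlock() with no gateway check.
        self.portal.unlock(int.from_bytes(payload, "big"))

class HardenedReceiver(VulnerableReceiver):
    def express_execute(self, command_id, chain, sender, payload):
        # Every entry point that can unlock funds uses the same check.
        self.execute(command_id, chain, sender, payload)

def spoof_attempt(receiver_cls, locked=3_000_000):
    """Send a never-approved message down the express path; return funds left."""
    portal = Portal(locked)
    receiver = receiver_cls(Gateway(), portal)
    try:
        receiver.express_execute(b"\x01" * 32, "chain-a", "0xSENDER", locked.to_bytes(32, "big"))
    except PermissionError:
        pass
    return portal.balance
```

The review question this raises for any bridge receiver is whether each externally callable path to the fund-holding contract passes through the same authentication, not only the primary one.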

On-chain data shared by Defimon Alerts shows the PortalV2 contract balance falling from roughly US$3 million (AU$4.32 million) to near zero on 31 January. The exploit appears to have affected multiple blockchain networks connected to CrossCurve’s bridge infrastructure.

Concerns Over Longstanding Bridge Weaknesses

The attack has drawn comparisons to the 2022 Nomad bridge incident, where flawed validation logic enabled widespread fund withdrawals. Security researcher Taylor Monahan noted that the same class of weakness continues to resurface in cross-chain systems.

CrossCurve, formerly known as EYWA Protocol, operates a cross-chain decentralised exchange and consensus bridge developed in partnership with Curve Finance. The protocol routes transactions through multiple independent validation layers, including Axelar, LayerZero and the EYWA Oracle Network, in an effort to reduce single points of failure.

Despite these safeguards, Curve Finance advised users with exposure to EYWA-related pools to reassess their positions and consider removing votes. The platform reiterated the importance of exercising caution when interacting with third-party protocols.

The post CrossCurve Bridge Drained in US$3M Smart Contract Exploit Across Multiple Chains appeared first on Crypto News Australia.