CrossCurve Threatens Legal Action After $3M Cross-Chain Bridge Exploit
CrossCurve, a decentralized finance protocol formerly known as EYWA, reported a hack exploiting a vulnerability in its cross-chain bridge smart contract, allowing an attacker to take user funds. The team identified ten Ethereum addresses that received the stolen tokens and urged the holders to return the funds within 72 hours or face legal action. CrossCurve CEO Boris Povar stated there was no initial indication of malicious intent but warned that failure to respond would result in escalated measures, including asset freezes and law enforcement involvement. Security estimates place losses at $2.76–$3 million across several networks, including Ethereum and Arbitrum. The exploit stemmed from insufficient validation of cross-chain messages, enabling forged data to bypass checks and release assets. Analysts emphasize persistent risks in cross-chain bridge security, particularly with custom receiver contract logic, citing similar vulnerabilities in previous bridge hacks. CrossCurve has not confirmed the loss total or provided its own estimate.
