CrossCurve, a cross chain liquidity protocol, was stolen approximately $3 million due to a smart contract vulnerability

CrossCurve (formerly known as EYWA), a cross chain liquidity protocol, has confirmed that its cross chain bridge protocol has been attacked due to a smart contract vulnerability, resulting in approximately $3 million in funds being stolen across multiple networks. Defimon Alerts, a blockchain security agency, pointed out that attackers exploit the gateway verification vulnerability in the ReceptrAxelar contract by forging cross chain messages to call the expressionExecute function, bypassing gateway verification and triggering unauthorized token unlocking on the PortalV2 contract. CrossCurve is supported by Michael Egorov, founder of Curve Finance, and has raised $7 million in funding.