CrossCurve, a crypto protocol, has reportedly suffered an attack resulting in the exploitation of approximately $3 million. The breach was made possible due to a missing validation check within the ReceiverAxelar contract. This vulnerability allowed attackers to create fake cross-chain messages, which in turn drained liquidity pools.

The absence of proper validation in the ReceiverAxelar contract allowed malicious actors to bypass security measures. By spoofing cross-chain messages, attackers could call the expressExecute function and trigger unauthorized token unlocks directly on the protocol's PortalV2 liquidity pool. Data indicates a sharp decline in the PortalV2 contract balance, plummeting from around $3 million to nearly zero on January 31, confirming the substantial loss across multiple networks.

Following the announcement of the exploit, the token's price experienced a significant drop. Within 24 hours, the price decreased by 15.1% to $0.00109. This price collapse reflects a direct loss of confidence in the protocol’s security and its core liquidity infrastructure.

Cross-chain bridges have been a recurring target for exploits, with over $2.8 billion stolen in similar incidents, representing nearly 40% of all value lost in the Web3 space. The attack vector used in the CrossCurve exploit—a missing validation check—is a known and preventable flaw.

The incident has raised concerns about the long-term viability of the CrossCurve protocol. The breach has eroded trust in the protocol, potentially leading to permanent devaluation risks. To restore credibility, CrossCurve developers need to implement security patches and conduct thorough audits.