CrossCurve moved quickly to contain a bridge exploit that allowed unauthorized EYWA token releases on Ethereum.
CrossCurve, the decentralized finance protocol formerly known as EYWA, confirmed that it stopped a bridge exploit tied to its cross-chain token system on Sunday. The attack targeted the Ethereum side of the bridge and led to unauthorized token releases after a smart contract flaw was abused.
The team stated that the attacker pulled EYWA tokens from the Ethereum bridge contract. Those tokens cannot move or be sold. Only one centralized venue had an Ethereum ETH $2 364 24h volatility: 1.9% Market cap: $285.17 B Vol. 24h: $10.27 B deposit channel for EYWA, and that deposit route has been frozen. Tokens on Arbitrum were not affected, and no fresh supply entered the market.
Security Update on the $EYWA token
We have contained the exploit
The hacker extracted $EYWA from our bridge on the Ethereum network but is unable to spend them since only the @XTexchange had the Ethereum deposit for our token and it has been frozen.
Your $EYWA is SAFU, as are…
— CrossCurve (@crosscurvefi) February 2, 2026
CrossCurve also contacted all centralized exchanges where EYWA trades, including KuCoin, Gate, MEXC, BingX, and BitMart. The goal was to block any exit path for the stolen tokens. The protocol said the stolen EYWA supply cannot circulate and will not impact the token supply or price.
Addresses Flagged, Legal Clock Starts
The same day, CrossCurve confirmed it tracked ten Ethereum addresses tied to the exploit. According to the team, funds moved into these wallets due to a smart contract failure in the bridge logic, not user error.
⚠️ Official Notice: Return of Exploited Funds
We have identified that the following addresses received tokens originating from a smart contract exploit:
0xAc8f44ceCa92b2a4b30360E5bd3043850a0FFcbE
0x8c259f1e53e79408095d0ba805554d4cdda15285…
— CrossCurve (@crosscurvefi) February 1, 2026
Management stated the wallets have 72 hours to return the funds or make contact. If that window closes, the case will turn into a legal battle. That includes criminal referrals, civil action, public wallet disclosure, and coordination with exchanges, token issuers, law enforcement, and blockchain tracking firms.
How the Exploit Worked
Security firms said the attack used a fake cross-chain message that bypassed validation checks in the bridge contract. That message triggered token releases across multiple chains.
Defimon Alerts estimated losses near $3 million across several networks. BlockSec placed total losses closer to $2.76 million. Its breakdown showed about $1.3 million on Ethereum, $1.28 million on Arbitrum, and smaller amounts across Optimism, Base, Mantle, Kava, Frax, Celo, and Blast.
https://twitter.com//status/2018167679300104449?s=20
January Creates Ruckus
The CrossCurve incident landed during the most aggressive theft month in nearly a year. CertiK data showed $370.3 million stolen through exploits and scams in January. That was the highest monthly figure in 11 months and nearly four times higher than January 2025.
Combining all the incidents in January we’ve confirmed ~$370.3M lost to exploits.
~$311.3M of the total is attributed to phishing with one victim losing ~$284M due to a social engineering scam.
More details below 👇 pic.twitter.com/uXhi0P6dl5
— CertiK Alert (@CertiKAlert) January 31, 2026
One social engineering case alone accounted for roughly $284 million. Phishing activity made up $311.3 million of total losses for the month. January marked a 277% jump from January 2025, when losses totaled $98 million. It also exceeded December losses of $117.8 million by more than 200%.
The largest technical hack of the month was the Step Finance breach, where attackers took $28.9 million after treasury wallets were compromised and more than 261,000 SOL was drained.
next