The CrossCurve $3M Bridge Exploit: How One Missing Check Let Attackers Forge Cross-Chain Messages

The CrossCurve $3M Bridge Exploit How a single missing access control check let an attacker forge cross-chain messages — and the 4-layer defense every bridge must implement On February 1, 2026, the CrossCurve bridge (formerly EYWA) lost approximately $3 million across Arbitrum, Ethereum, and several other chains. The root cause wasn't a sophisticated flash loan or a novel cryptographic attack — it was a publicly callable function with insufficient input validation. This is one of