Verus Ethereum Bridge Exploited for $11.6M

On May 18, 2026, Verus Protocol's Ethereum bridge fell victim to a sophisticated exploit resulting in the theft of $11.58 million in cryptocurrency. Security firms Blockaid and PeckShield independently confirmed the attack through onchain analysis.

The exploit leveraged a fake cross-chain transfer message to enable unauthorized fund extraction. The initial theft comprised 1,625 Ether, 147,659 USDC, and 103.57 tBTC v2. Security investigators tracked the stolen assets as they were converted into 5,402 Ether, currently held in a flagged wallet worth approximately $11.4 million at the time of detection.

Blockaid's detection system identified the ongoing exploit in real-time and published transaction evidence on Etherscan. PeckShield corroborated the findings through independent onchain data analysis, marking another significant vulnerability in decentralized finance infrastructure.

This incident underscores persistent risks in [INTERNAL: cross-chain bridges] that enable asset transfers between blockchain networks. Bridge exploits have become increasingly common as hackers target weaknesses in validation mechanisms. The vulnerability highlights why users should exercise caution with emerging bridge protocols that lack extensive security audits.

The attack demonstrates how [INTERNAL: DeFi security] remains a critical concern despite industry maturation. As more capital flows through cross-chain solutions, these systems become attractive targets for sophisticated attackers. The fake transfer message technique suggests attackers exploited message verification flaws in the bridge's validation architecture.

Verus Protocol has not yet issued official statements regarding remediation efforts or user compensation. The incident adds to growing concerns about bridge security across major ecosystems and may prompt regulatory scrutiny of cross-chain protocols.

Not financial advice.