Key Takeaways
- The Verus-Ethereum bridge lost $11.5M, with the attacker converting 103.6 tBTC, 1,625 ETH, and 147K USDC into ~5,402 ETH.
- Blockaid flagged the Verus exploit in real time, and several security firms confirmed the attacker’s wallet was seeded via Tornado Cash.
- The attack is part of a broader surge: PeckShield has already tracked 8 bridge hacks totaling $328.6M during the first half of May.
Attacker Converts Loot to ETH and Tornado Cash Trail Emerges
The Verus-Ethereum bridge was drained of approximately $11.5 million in a coordinated exploit, with analytics confirming that the attacker extracted 103.6 tBTC, 1,625 ETH, and 147,000 USDC from the bridge before converting all stolen assets into approximately 5,402 ETH (worth roughly $11.4 million) held at wallet address 0x65Cb25F9.

Security firm Blockaid issued a community alert identifying the attack as it unfolded, subsequently confirming that the attacker’s wallet was initially seeded with 1 ETH via Tornado Cash, a decentralized cryptocurrency mixer that allows users to obscure the origin of funds.
Tornado Cash has appeared in the post-exploit laundering trails of several major crypto thefts in recent years. In the Verus case, the single-ETH seed is consistent with a known pattern where attackers prepare a clean wallet using the mixer before moving, ensuring no direct link between their funding source and the attack address.
Verus is a proof-of-work and proof-of-stake hybrid blockchain focused on privacy and self-sovereign identity. Its Ethereum bridge allows users to transfer assets between the two networks to access decentralized finance (DeFi) protocols and yield opportunities.
The speed of asset conversion in the Verus attack is notable: all three asset types (wrapped bitcoin, ether, and stablecoins) were swapped into a single asset (ETH) in a short window, leaving minimal traceability across chains and simplifying the path to any future laundering route.
The breach adds to an accelerating pattern of bridge-related losses in 2026, with CertiK labelling April’s wave of attacks as a “high-stakes shift” in cross-chain cybercrime tactics, where attackers are targeting bridge verification weaknesses at an unprecedented scale. Meanwhile, PeckShield has tracked eight bridge exploits through the first two weeks of May, totaling $328.6 million.
The Verus incident is the most recent addition to that running tally.




