Peter Zhang
May 18, 2026 07:04
Attack on Verus Ethereum bridge drains $11.58M. Exploit highlights cross-chain vulnerability risks in crypto. ETH, USDC, tBTC affected.
The Verus Ethereum bridge was reportedly exploited for $11.58 million on May 17–18, 2026, marking another significant breach in cross-chain infrastructure. Attackers targeted the bridge’s verification system to drain 1,625 ETH, 147,659 USDC, and 103.57 tBTC, according to reports from security firms Blockaid and PeckShield.
The stolen funds were quickly consolidated into 5,402 ETH, with a current value of approximately $11.4 million, per Etherscan data. At the time of the attack, ETH traded at $2,117.61, USDC hovered near its $1 peg, and tBTC stood at $76,459. The Verus team has yet to issue a public statement on the breach.
How the Attack Happened
According to Blockaid, the exploit leveraged a forged cross-chain transfer payload to manipulate the bridge into approving fraudulent transactions. The attacker bypassed key validation steps, tricking the system into releasing funds from the bridge’s reserves. Security firm ExVul confirmed this assessment, attributing the issue to inadequate source-amount validation in Verus’s smart contract code. The vulnerability could reportedly be patched with minor Solidity code adjustments.
This attack bears similarities to past high-profile bridge exploits, such as the $325 million Wormhole breach and the $190 million Nomad Bridge hack in 2022. In all cases, attackers exploited weaknesses in cross-chain verification processes, underscoring the persistent risks in decentralized bridge technology.
Cross-Chain Bridges: A Weak Link?
Verus launched its Ethereum bridge in October 2023, touting it as a decentralized, trustless solution for transferring assets between the Verus blockchain and Ethereum. The bridge locks assets on the source chain—Ethereum in this case—and issues corresponding tokens on Verus. However, as this incident shows, vulnerabilities in bridge protocols can expose significant funds to theft.
“Bridges should add strict payload-to-execution validation, defense in depth around proof verification, and pause outbound flows when anomalous imports are detected,” ExVul stated, highlighting the need for tighter security in cross-chain systems.
Despite the promise of interoperability, cross-chain bridges remain one of the most targeted components in crypto infrastructure. In the first quarter of 2026 alone, attackers drained $168.6 million across 34 decentralized finance (DeFi) protocols, according to industry data. High-profile breaches like the Verus and THORChain exploits ($10 million stolen) continue to erode trust in these critical systems.
Market and Industry Impact
Beyond the immediate financial losses, incidents like these reinforce skepticism around cross-chain technology. Traders may hesitate to use bridges, fearing similar exploits. Meanwhile, projects are under pressure to enhance code audits and adopt robust verification mechanisms.
The stolen assets—ETH, USDC, and tBTC—represent a significant portion of the bridge’s reserves. Ethereum, with a market cap of $254 billion as of May 18, remains a cornerstone of DeFi, while USDC’s $75.3 billion circulating supply underscores its systemic importance as a stablecoin. tBTC, an ERC-20 representation of Bitcoin, highlights the growing demand for interoperable Bitcoin solutions despite its smaller $747 million market cap.
For now, the Verus Ethereum bridge exploit serves as a stark reminder: while cross-chain bridges promise seamless asset transfers, they remain high-risk targets without rigorous security frameworks.
Image source: Shutterstock
Be the first to comment