{"id":28877,"date":"2026-05-18T07:11:23","date_gmt":"2026-05-18T07:11:23","guid":{"rendered":"https:\/\/bitunikey.com\/news\/verus-ethereum-bridge-drained-of-11-5m-in-forged-transfer-exploit\/"},"modified":"2026-05-18T07:11:34","modified_gmt":"2026-05-18T07:11:34","slug":"verus-ethereum-bridge-drained-of-11-5m-in-forged-transfer-exploit","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/verus-ethereum-bridge-drained-of-11-5m-in-forged-transfer-exploit\/","title":{"rendered":"Verus Ethereum bridge drained of $11.5M in forged transfer exploit"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p>The Verus Protocol Ethereum bridge has suffered an exploit that has allowed an attacker to siphon off more than $11.5 million in crypto assets through what security researchers described as a forged cross-chain transfer message.<\/p>\n<div id=\"cn-block-summary-block_de1a372d8ea7c11be1c192c38ca998b6\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Verus Protocol\u2019s Ethereum bridge lost more than $11.5 million after attackers reportedly used a forged cross-chain transfer message.<\/li>\n<li>Blockchain security firms Blockaid, PeckShield, and ExVul linked the exploit to missing validation checks inside the bridge verification process.<\/li>\n<\/ul><\/div>\n<\/div>\n<p>According to onchain security platform Blockaid, the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/blockaid_\/status\/2056176908333654293\">exploit<\/a> was detected late Sunday after its monitoring systems flagged suspicious activity tied to the Verus-Ethereum bridge. 
Blockaid identified the attacker wallet as \u201c0x5aBb\u2026D5777\u201d and said the stolen funds were initially moved into another address labeled \u201c0x65C\u2026C25F9.\u201d<\/p>\n<p>Data shared by blockchain security firm PeckShield <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/peckshield\/status\/2056183051357495735?s=20\">showed<\/a> that the drained assets included 103.6 tBTC, 1,625 ETH, and nearly 147,000 USDC. PeckShield later reported that the attacker swapped the stolen tokens into 5,402 ETH, valued at roughly $11.4 million based on current prices.<\/p>\n<p>Hours before the exploit took place, PeckShield said the attacker\u2019s wallet had received 1 ETH through crypto mixer Tornado Cash, a detail that often appears in attacks involving attempts to obscure transaction origins.<\/p>\n<p>Further analysis from GoPlus Security <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/GoPlusZH\/status\/2056186563210662298\">indicated<\/a> that the attacker first sent a low-value transaction to the bridge contract before invoking a function that caused reserve assets to be batch-transferred to the drainer wallet.<\/p>\n<p>GoPlus said the exploit was \u201chighly likely\u201d tied to either cross-chain message validation failure, withdrawal logic bypass, or an access control weakness inside the bridge mechanism.<\/p>\n<p>Offering a more specific explanation, Blockaid later stated that the incident resembled the 2022 Nomad Bridge and Wormhole exploits, where fraudulent transfer instructions tricked protocols into releasing reserve funds.<\/p>\n<p>In a follow-up 
technical assessment, Blockaid said the exploit was \u201cnot an ECDSA bypass,\u201d \u201cnot a notary key compromise,\u201d and \u201cnot a parser\/hash-binding bug.\u201d Instead, the firm attributed the issue to \u201ca missing source-amount validation in checkCCEValues,\u201d describing it as a flaw that could reportedly be fixed with around 10 lines of Solidity code.<\/p>\n<p>Blockchain security provider ExVul <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/exvulsec\/status\/2056195356765868037\">reached<\/a> a similar conclusion, saying the attacker used a \u201cforged cross-chain import payload\u201d that successfully passed the bridge\u2019s verification process. According to ExVul, the exploit eventually triggered three separate transfers from the bridge reserves into the attacker-controlled wallet.<\/p>\n<p>ExVul added that cross-chain proof systems should directly tie transfer execution to authenticated payload data before funds are released. The firm also recommended stricter payload validation, layered verification protections, and emergency pause mechanisms for unusual outbound transfers.<\/p>\n<h2 class=\"wp-block-heading\">Bridge exploits continue to hit DeFi sector<\/h2>\n<p>Launched in 2023, the Verus-Ethereum bridge allows users to move and convert assets between the Verus network and Ethereum. The protocol itself was introduced in 2018 and operates using a hybrid proof-of-work and proof-of-stake consensus model.<\/p>\n<p>As of publication, the Verus team had not publicly commented on the exploit.<\/p>\n<p>The incident has arrived during a year already hit by multiple major decentralized finance breaches. 
According to security tracking data cited in the additional reports, crypto hackers stole more than $168.6 million from 34 DeFi protocols during the first quarter of 2026 alone.<\/p>\n<p>April accounted for two of the largest attacks recorded this year, including the reported $280 million Drift Protocol exploit and the $292 million Kelp exploit.<\/p>\n<p>Over the weekend, cross-chain liquidity protocol THORChain also confirmed suffering a separate $10 million exploit, adding to mounting concerns surrounding bridge and interoperability infrastructure across the DeFi sector.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The Verus Protocol Ethereum bridge has suffered an exploit that has allowed an attacker to siphon off more than $11.5 million in crypto assets through what security researchers described as&hellip;<\/p>\n","protected":false},"author":1,"featured_media":1981,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-28877","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/28877","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=28877"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/28877\/revisions"}],"predecessor-version":[{"id":28878,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/28877\/revisions\/28878"}],"wp:featuredmedia":[{"embeddable":true,
"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/1981"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=28877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=28877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=28877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}