Verus Ethereum bridge exploited for $11.6M via forged transfer
A forged cross-chain message allowed an attacker to drain at least $11.58 million from the Verus Protocol Ethereum bridge into an attacker-controlled wallet on Monday.
Verus Protocol’s Ethereum bridge was exploited on Monday when a forged cross-chain import message prompted the bridge to send at least $11.58 million from its reserves to an attacker-controlled address. Onchain security firm Blockaid flagged the activity and published a transaction showing transfers of 1,625 ETH, 147,659 USDC and 103.57 tBTC v2.
Blockchain security firm PeckShield identified the transfers as an exploit and reported that the stolen assets were converted into Ether. The attacker-controlled wallet currently holds about 5,402 ETH, which Etherscan estimates at roughly $11.4 million. Verus had not posted a public confirmation at the time of the reports.
Blockaid provided a technical assessment, noting the incident was not an ECDSA bypass, not a notary key compromise and not a parser or hash-binding bug. The post identified a missing source-amount validation in the function checkCCEValues and said the issue could be fixed with about 10 lines of Solidity code. ExVul, an independent security provider, reached a similar conclusion and described the exploit as a “forged cross-chain import payload” that passed the bridge’s verification flow and produced three transfers to a drainer wallet.
Security providers urged that cross-chain import proofs must bind every downstream transfer to authenticated payload data before execution. They recommended adding strict payload-to-execution validation, multiple layers of proof verification and the ability to pause outbound flows when anomalous imports are detected.
The Verus incident follows several recent losses in decentralized finance. Security trackers recorded more than $168.6 million stolen from 34 DeFi protocols in the first quarter of 2026. In April, protocols suffered large thefts that included a $280 million exploit and a separate $292 million exploit. On the weekend before the Verus report, THORChain confirmed a roughly $10 million theft.
Users and bridge operators are watching for any public statement from Verus and for onchain activity that could indicate whether any of the stolen funds can be tracked or recovered.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
