Photo: Illustrative
Verus Ethereum Bridge Exploit Drains $11.58 Million in Ongoing Security Breach
The Verus-Ethereum bridge is facing an ongoing exploit that has already drained around $11.58 million in digital assets, according to reports from multiple blockchain security firms. The incident has raised fresh concerns about the safety of cross-chain bridges, which are often targeted by hackers because they hold large reserves of crypto assets.
The Verus-Ethereum bridge is facing an ongoing exploit that has already drained around $11.58 million in digital assets, according to reports from multiple blockchain security firms. The incident has raised fresh concerns about the safety of cross-chain bridges, which are often targeted by hackers because they hold large reserves of crypto assets.
Blockchain security platform Blockaid first reported the exploit late Sunday, saying the attack was still ongoing. The company identified the attacker’s wallet address as “0x5aBb…D5777” and said the stolen assets were later transferred to another wallet, “0x65C…C25F9.”
Stolen Crypto Includes tBTC, ETH and USDC
Security firm PeckShield shared details of the stolen funds, saying the Verus-Ethereum bridge had been drained of 103.6 tBTC, 1,625 ETH and nearly 147,000 USDC. According to the firm, the attacker later swapped the stolen tokens for 5,402 ETH, valued at roughly $11.4 million.
PeckShield also said the attacker’s wallet was initially funded with 1 ETH through Tornado Cash around 14 hours before the exploit. Privacy tools like Tornado Cash are often used to make blockchain transactions harder to trace.
Security Experts Explain Possible Cause of Attack
Another security company, GoPlus, said the attacker appeared to send a low-value transaction to the bridge contract before calling a specific function that allowed reserve assets to be batch-transferred to the drainer wallet.
GoPlus suggested the exploit was likely caused by a cross-chain message validation problem, signature forgery, withdrawal logic bypass or an access control flaw.
Verus Team Yet to Release Official Statement
The Verus team had not publicly commented on the incident at the time of reporting. Verus, launched in 2018, is a privacy-focused blockchain that combines proof-of-work and proof-of-stake. Its Ethereum bridge, launched in October 2023, was designed to let users transfer and convert assets between the Verus network and Ethereum.
Live market reaction
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.
Start trading
with BloFin today
Up to $500 sign-up bonus and zero-fee trading on your first 30 days.
Buy crypto nowⓘ You will be redirected to BloFin
About the author
8+ years covering crypto markets, macro, and geopolitics. Previously at Decrypt and CoinDesk. Focused on the intersection of digital assets and traditional finance.
.jpeg&w=32&q=75){kind=small}
Laurisa · 
Tristan R. · 