In a startling development on the decentralized finance (DeFi) landscape, the Verus Ethereum bridge has fallen prey to a significant exploit, resulting in an estimated loss of $11.58 million. Cybercriminals executed a sophisticated operation utilizing forged cross-chain transfer data to siphon off cryptocurrencies, leading to a marked increase in scrutiny over the security measures employed by DeFi protocols.
The breach, identified on Monday, involved attackers deceiving the Verus Protocol into authorizing fraudulent transfers. Onchain security platform Blockaid publicly flagged the incident, citing the transfer of 1,625 Ether (ETH), 147,659 USDC, and approximately 103.57 tBTC v2, equating to over $11.5 million at market value. Both Blockaid and the blockchain security company PeckShield confirmed the exploit, stating the stolen assets have since been funneled into a wallet now holding 5,402 Ether, valued at more than $11.4 million, according to data from Etherscan.
“This incident bears striking similarities to past high-profile exploits, such as the 2022 Nomad Bridge breach and the Wormhole exploit,” Blockaid reported. The exploit appears to stem from a vulnerability in the bridge's verification process, as the attackers were able to submit deceptive transfer instructions that bypassed vital security checks.
“NOT an ECDSA bypass. NOT a notary key compromise. This is a missing source-amount validation issue, which could be rectified with a mere ten lines of Solidity code,” Blockaid noted, highlighting the technical nature of the vulnerability that facilitated the attack.
ExVul, another notable blockchain security firm, corroborated Blockaid’s findings, noting that the exploit involved a “forged cross-chain import payload.” This payload successfully navigated the verification flow of the bridge, leading to three illicit transfers to the hacker's wallet in rapid succession. The need for enhanced security protocols is underscored, as experts emphasize the necessity for bridges to implement stringent validation measures before executing transfers.
This latest incident is part of a worrying trend, with cybercriminals pilfering over $168.6 million from 34 DeFi protocols in just the first quarter of 2026 alone. April marked particularly tumultuous, seeing the drift of $280 million from the Drift Protocol and a staggering $292 million from Kelp.
Following this exploit, THORChain also disclosed suffering a $10 million breach shortly before the Verus Ethereum incident, amplifying concerns about the vulnerability of DeFi systems. As crypto markets react, experts urge expanded transparency and robust security measures to protect assets and rebuild trust in the sphere.
As of now, Cointelegraph has reached out to Verus for an official statement regarding the incident, but as of the time of publication, the protocol has not yet confirmed the exploit publicly.
Source: Cointelegraph
Source: CoinTelegraph DeFi
More Recommended
Legend Halts Operations as DeFi Landscape Faces Un...
