Verus-Ethereum Bridge Loses $11.5 Million in Cross-Chain Exploit
Hackers drained $11.5 million from the Verus-Ethereum bridge on May 18, stealing Ethereum (ETH), tBTC, and USDC before converting the haul to 5,402 ETH. Blockchain security firm PeckShield confirmed the conversion in a post published Sunday morning.
The attack is the latest in a sustained campaign against cross-chain infrastructure, which has lost billions of dollars to similar exploits since 2021.
What Happened in the Verus Bridge Exploit
The attacker emptied the bridge of its full reserve, targeting ETH, tBTC, and USDC in a single coordinated drain. PeckShield’s report showed the stolen assets were consolidated and swapped into 5,402 ETH within hours of the exploit.
Funds converted to ETH were sitting on-chain as of Sunday morning, with security researchers tracking the wallet. No mixer or tumbling activity had been detected by the time PeckShield published its update. Verus Protocol had not issued an official post-mortem by 06:00 BST on May 18.
Also Read: Japan Opens Retail Cryptocurrency Access as Brokerages Build in-House Trusts
What Is the Verus-Ethereum Bridge
The Verus-Ethereum bridge is a cross-chain bridge, a protocol that locks assets on one blockchain and mints equivalent tokens on another, allowing users to move value between networks.
Bridges hold large pools of locked assets, making them high-value targets. The Verus Protocol is a proof-of-work and proof-of-stake hybrid blockchain that supports multi-chain functionality.
Its bridge to Ethereum allows users to transfer assets between the Verus network and the Ethereum ecosystem. Analysts covering the Verus incident said that blockchain security remains a persistent challenge for infrastructure of this kind.
Also Read: Chainlink Holds $6.9 Billion in Market Cap as Oracle Network Eyes Tokenization Growth
Background
Cross-chain bridge exploits have extracted more than $2.5 billion from protocols since 2021.
High-profile incidents include the Ronin bridge hack in March 2022, which lost $625 million, and the Wormhole exploit in February 2022, which cost $320 million. The Nomad bridge attack in August 2022 drained $190 million.
Each incident followed a similar pattern: attackers identified a flaw in how the bridge verified transactions or held reserve assets, then withdrew funds before the protocol could respond. The Verus incident carries the same fingerprint.
The $11.5 million loss is smaller than those headline cases, but it reinforces the pattern that bridges serving smaller ecosystems remain under-audited and underfunded for security.
Also Read: Gensyn Enters Broader Awareness as Decentralized AI Compute Token Posts 17% Gain
What Comes Next
Security researchers are monitoring the attacker’s wallet for any attempt to move funds through a mixer or centralized exchange. If the ETH reaches a major exchange, platform compliance teams may be able to flag and freeze the deposit.
Verus Protocol will need to publish a post-mortem explaining the root cause before any bridge relaunch is credible. Broader DeFi security firms have said that bridges serving niche chains carry disproportionate risk relative to their audit budgets, and the Verus incident will likely renew calls for mandatory third-party audits before any bridge holds more than $1 million in reserves.
Read Next: Bitcoin Drops Below $77,000 as Broad Market Sell-off Erases $33 Billion
