Hackers Drain $11 Million in Crypto from Verus Ethereum Bridge

Add TechGaged as your preferred source on Google

See more TechGaged stories across Google News and Discover.

Add

The Verus-Ethereum Bridge suffered an exploit that drained about $11.5 million worth of crypto assets, according to multiple blockchain security firms. The attacker stole 1,625 ETH, 103.6 tBTC, and 147,000 USDC before consolidating the funds into a single wallet now holding more than 5,400 ETH. The incident adds another major bridge exploit to a sector that has already lost hundreds of millions of dollars this year alone.

Verus Bridge Drained In Ongoing Exploit

Security platform Blockaid first flagged the bridge hack on May 18, warning that the Verus-Ethereum Bridge was facing an active exploit. PeckShield later confirmed the stolen assets included Bitcoin-backed tBTC, Ethereum, and USDC stablecoins.

The attacker reportedly used wallet address 0x5aBb91B9c01A5Ed3aE762d32B236595B459D5777, and the stolen funds were moved into a separate drainer wallet identified as 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9.

According to PeckShield, the exploiter swapped the stolen assets into approximately 5,402 ETH worth around $11.4 million. The wallet was still holding the funds at the time security researchers published their alerts.

GoPlus Security said the attacker triggered a custom bridge function using a low-value transaction sent directly to the Verus-Ethereum Bridge contract. Researchers believe the exploit may involve message validation failures, withdrawal logic bypasses, forged signatures, or wider access control weaknesses.

Bridge Attacks Continue To Hit Crypto Infrastructure

Blockchain investigators also noted that the attacker’s original wallet received 1 ETH through Tornado Cash around 14 hours before the exploit. That detail may complicate efforts to trace the individual(s) behind the attack.

The exploit transaction shows the attacker invoking a specific contract method tied to the Verus bridge infrastructure before transferring reserve assets out in bulk. Security firms said the funds haven’t yet been widely mixed or bridged elsewhere, potentially giving investigators a window to monitor or intercept future movements.

The Verus team hadn’t publicly commented on the exploit at the time of publication, but the price of its token, VRSC, has already suffered, having dropped 4.1% in the last 24 hours, adding up to the 1.9% decline in the last seven days, and a loss of 3.2% across the month, per the latest data.

Bridge-related attacks remain one of the biggest security problems plaguing the crypto industry. Cross-chain infrastructure continues holding large pools of liquidity inside complex smart contracts, and this makes bridges attractive targets for attackers looking for single points of failure.