Verus-Ethereum Bridge Exploit Drains $11.58 Million |

What Happened to the Verus-Ethereum Bridge?

DeFi protocol Verus is facing an ongoing exploit targeting its Ethereum bridge, with losses reaching roughly $11.58 million so far, according to blockchain security firms. Onchain security platform Blockaid reported the attack in a late Sunday post on X, identifying the attacker’s address as “0x5aBb…D5777.” Blockaid said the stolen funds were stored in wallet address “0x65C…C25F9.” Blockchain security firm Peckshield said the Verus-Ethereum bridge was drained of 103.6 tBTC, 1,625 ETH, and 147,000 USDC. The firm added that the attacker later swapped the stolen assets for 5,402 ETH, worth about $11.4 million. The exploit adds to a series of attacks targeting bridge infrastructure, where smart contracts, messaging systems, and reserve mechanisms can expose large pools of assets if validation or withdrawal logic fails. For Verus, the incident has already moved beyond a token loss event. The network itself has halted while developers investigate the attack.

How Did the Attack Unfold?

Peckshield said the attacker’s address was initially funded with 1 ETH via Tornado Cash about 14 hours before its report. That detail points to a common preparation pattern in DeFi exploits, where attackers use privacy tools to fund the first transaction used to interact with vulnerable contracts. GoPlus, another blockchain security company, said the attacker appeared to have sent a low-value transaction to the bridge contract before calling a specific function that caused the bridge contract to batch-transfer reserve assets to the drainer. “It is highly likely to be cross-chain message validation/signature forgery, withdrawal logic bypass, or access control flaw,” GoPlus said. The exact cause has not yet been confirmed by the Verus team. But the early analysis points to the central risk in cross-chain bridge design: once a bridge accepts a forged or improper instruction, the contract may treat the action as valid and release assets from reserves. That creates a direct path from a logic failure to a balance-sheet loss.

Investor Takeaway

The Verus exploit reinforces why bridge security remains one of the most fragile areas in DeFi. The main risk is not only theft from one contract, but the possibility that flawed validation can let attackers drain reserve assets across connected networks.

Why Did the Verus Network Halt?

The Verus team said in its Discord channel that the Verus network has halted, “with most block-generating nodes taking themselves offline after encountering byproducts of the attack as designed.” “Developers are investigating exactly how the attack was carried out and determining next steps,” the team added. The halt shows how bridge exploits can affect the underlying network, not only the contract or asset pool under attack. If nodes encounter unexpected outputs or attack-related effects, stopping block generation can help prevent further damage while developers review the chain state and assess whether additional funds or contracts remain exposed. That response may limit further losses, but it also raises operational questions. Network halts interrupt users, applications, liquidity providers, and any market participants relying on timely settlement. For investors and protocol users, the trade-off is clear: halting the network can reduce immediate damage, but it also shows that the protocol’s normal operating assumptions have broken down.

What Does This Mean for Bridge Risk?

Verus is a privacy-oriented blockchain protocol launched in 2018. It uses a hybrid proof-of-power consensus model combining proof-of-work and proof-of-stake. The protocol launched the Verus-Ethereum bridge in October 2023 to let users transfer and convert assets between the Verus network and Ethereum. The bridge was designed to connect Verus liquidity with Ethereum-based assets, but the exploit highlights the risk that comes with cross-chain connectivity. Bridges can increase utility and liquidity, yet they also concentrate risk in contracts that hold or control reserve assets. When those systems fail, the loss can be immediate and difficult to reverse. The Verus exploit is still ongoing, and the final loss figure could change. Until the team completes its investigation, the main unanswered questions are how the attacker triggered the reserve transfers, whether the vulnerability affects other parts of the bridge, and how the protocol plans to restore network operations.