It has been reported that the Verus Ethereum bridge has been exploited for 11.58 million dollars
The Verus Protocol Ethereum Bridge was allegedly hacked on Monday by a fake chain transfer message.
Onchain security platform Blockaid announced on X-Post on Monday that its scanning system detected an exploit on the Verus-Ethereum bridge and revealed on Etherscan the transfer of 1,625 Ether (ETH), 147,659 USDC (USDC) and 103.57 tBTC v2, over $11.5 million.
Blockchain security company PeckShield called the transfer an exploit, with onchain data showing that the currency had been converted to Ether. The wallet shows a balance of 5,402 Ether worth more than $11.4 million, Etherscan said.
Cointelegraph has reached out to Verus for comment. The protocol had not officially confirmed the exploit at the time of publication.
Source: Blockaid
Crypto hackers stole over $168.6 million in crypto from 34 decentralized finance protocols in the first quarter of 2026. April has seen the two biggest hacks of the year so far: the $280 million Drift Protocol exploit earlier in the month and the $292 million Kelp exploit.
Fraudulent transfer guidelines led to exploitation.
According to Blockaid, the Verus Protocol event will coincide with the $190 million Nomad Bridge exploit and 2022's $325 million Wormhole exploit.
The attacker used the Verus Ethereum bridge to trick the protocol into believing that the transfer instructions were genuine, causing the bridge to send funds from the accumulated funds to the attacker's wallet, Blockaid said.
“Not an ECDSA pass. Not a notary key agreement. Not a parser/hash-bind error. It's a missing source-size validation in ChexiValues - ~10 lines of Solidity to fix,” he added.
Blockchain security provider Exville came to a similar conclusion and said the attacker used a “forged chain import payload” that bypassed the “bridge authentication flow” and made “three attacker-linked transfers to the drain wallet.”
Related: Aethir ends bridge exploit, promises compensation after $90k loss
“Bridges should add strict payment-to-execution verification, proof-of-depth defenses, and stop outflows when anomalies are detected,” said the blockchain security provider.
The incident comes after THORChain confirmed that it had suffered a $10 million exploit on Saturday.
Magazine: The legal battle over who can claim DeFi's stolen millions
