Verus Ethereum Bridge Exploited; More Than $11 Million in Crypto Reportedly Stolen

Verus is dealing with a major exploit involving its Ethereum bridge, after blockchain security firms estimated losses of roughly $11.58 million. Onchain security platform Blockaid flagged suspicious activity late Sunday, pointing to an attacker wallet beginning with "0x5aBb". The platform said the stolen funds were subsequently held at another address ending in "C25F9". PeckShield later estimated the bridge lost about 103.6 tBTC, 1,625 ETH and $147,000. Investigators said the attacker swapped the stolen assets into about 5,402 ETH, worth roughly $11.4 million at current prices. Researchers also noted the attacker wallet was funded shortly before the exploit through Tornado Cash, a crypto mixing service. The address received 1 ETH around 14 hours before the attack. GoPlus suggested the incident may have leveraged a complex weakness in the bridge's transaction verification. The firm said the attacker first sent a small transaction to the bridge contract, then triggered a function that enabled bulk direct transfers of reserve assets to the compromised wallet. GoPlus added the exploit could be tied to failed crosschain message verification, signature forgery, withdrawal logic bypass, or access-control flaws. Launched in 2018, Verus is a privacy-focused blockchain network using a hybrid "proof of power" consensus model that combines proof of work and proof of stake. Its Ethereum bridge, introduced in October 2023, allows users to move and convert assets between the Verus ecosystem and Ethereum.