Verus Ethereum Bridge Hit by Exploit as Attackers Make Off With About $11.6M

Verus is grappling with a major exploit affecting its Ethereum bridge, with blockchain security firms estimating losses of roughly $11.58 million in digital assets. Onchain security platform Blockaid first flagged the incident late Sunday, pointing to suspicious activity linked to an attacker wallet starting with \u00220x5aBb\u0022. Blockaid said the stolen funds were being held at another address ending in \u0022C25F9\u0022. PeckShield later reported that the VerusEthereum bridge lost about 103.6 tBTC, 1,625 ETH, and 147,000 USDC. Investigators said the attacker drained tBTC, ETH, and USDC before converting the haul into ETH, ending up with approximately 5,402 ETH worth around $11.4 million at prevailing prices. Researchers also noted the attacker wallet appeared to be funded via Tornado Cash shortly before the exploit. PeckShield said the address received 1 ETH about 14 hours prior to the attack. GoPlus attributed the incident to a likely weakness in the bridge\u0027s transaction validation process. The firm said the attacker appeared to send a low-value transaction to the bridge contract, then triggered a function that enabled a batch transfer of reserve assets directly to the drainer wallet. GoPlus added the root cause could involve cross-chain message validation failures, signature forgery risks, withdrawal logic bypasses, or access-control weaknesses in the bridge. Such vulnerabilities have increasingly been targeted in decentralized finance, particularly in cross-chain bridges that custody large pools of locked liquidity. Verus, launched in 2018, is a privacy-focused blockchain network using a hybrid \u0022proofofpower\u0022 consensus mechanism combining proof-of-work and proof-of-stake. The project introduced its Ethereum bridge in October 2023 to support transferring and converting assets between the Verus ecosystem and Ethereum.