The Verus Ethereum cross-chain bridge has fallen victim to a suspected security exploit, resulting in an estimated $11.58 million loss, according to blockchain security firm Blockaid. The attack was disclosed via Blockaid’s official X account, highlighting an attacker’s ability to drain assets from the protocol through a smart contract vulnerability.
Blockchain security firm PeckShield later reported that the hacker converted the stolen funds entirely into Ether. The initial loot included a diverse portfolio: 103.6 tBTC, 1,625 ETH, and 147,000 USDC. Through a series of transactions, the hacker swapped these assets for approximately 5,402.4 ETH, consolidating the proceeds into a single liquid cryptocurrency. This is a typical laundering step to streamline fund management and prepare for further obfuscation via mixers or privacy tools.
The incident adds to a long list of bridge exploits that have plagued DeFi. Cross-chain bridges, which lock large liquidity pools, remain prime targets due to complex codebases. The Verus team had not released an official statement at the time of reporting, leaving users with immediate uncertainty about fund safety and recovery.
For Verus bridge users, the recommendation is to halt all interactions with the bridge contract and monitor official channels for updates. The conversion to ETH makes recovery more challenging but also leaves a clear on-chain trail for investigators. The event underscores the critical need for rigorous security audits and innovative architectures to protect cross-chain infrastructure.
