Hackers drained nearly $11.58 million from the Verus-Ethereum bridge after exploiting a weakness in the platform’s cross-chain verification system, according to blockchain security firm Blockaid. The attack emptied large amounts of ETH, tBTC, and USDC from the bridge, adding to growing concerns over security risks in the decentralized finance sector after a series of major crypto breaches this year.
Blockaid detected the suspicious activity through its monitoring system before disclosing the exploit on X. Security firm PeckShield also later confirmed that attackers stole 1,625 ETH, 103.6 tBTC, and roughly 147,000 USDC.
Investigators said the breach did not involve stolen private keys or compromised cryptography. Instead, attackers manipulated a weakness in the bridge’s validation process, allowing fraudulent withdrawals to pass security checks. Blockaid also linked the exploit to structural issues seen in the 2022 Wormhole and Nomad bridge attacks.
Validation gap opened the door
According to Blockaid’s findings, the exploit stemmed from what it described as a “source-destination economic-value binding gap,” meaning the bridge failed to properly confirm whether transferred assets were actually backed by funds on the originating chain.
According to the security firm, the attacker built a 0.02 VRSC transaction containing manipulated export data that pointed to a valid payout hash without including matching reserve balances. Because the transaction technically followed protocol rules, Verus notaries approved and signed the state root. The attacker later submitted the fraudulent import request on Ethereum, where the bridge validated the transaction data and automatically released the assets. As a result, the attacker drained millions of dollars while spending only a minimal amount of ~$10 in VRSC fees.
Blockaid said the exploit did not involve compromised notary keys, an ECDSA bypass, or a parser/hash-binding bug. Instead, the bridge lacked an important source-side balance verification step known as “checkCCEValues.” (fixable with ~10 lines of Solidity).
DeFi security pressure intensifies
The Verus exploit came only days after THORChain halted trading following a separate security breach involving protocol-owned funds. THORChain later said the incident did not affect user balances, but warned the community about fake refund schemes and impersonation accounts spreading across social media platforms.
The latest attack adds to a growing wave of security incidents across decentralized finance this year. Data from DeFiLlama shows that hackers targeted 12 DeFi protocols in May 2026 alone, with total losses already surpassing $20 million. The industry suffered even heavier damage in April, when exploits drained more than $606 million, including the massive KelpDAO bridge breach.
At the same time, cybersecurity researchers are warning that crypto attacks could become more sophisticated as hackers increasingly use artificial intelligence to identify vulnerabilities. Google’s Threat Intelligence Group recently disclosed what it described as the first AI-assisted zero-day exploit tied to criminal activity, raising new concerns for blockchain networks and cross-chain infrastructure.
Also Read: Weekly Wrap: CLARITY Act Clears Committee, THORChain Exploit, Bitcoin ETFs Lose $868M
