Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Inside the Trump Family’s $1.2B Crypto Windfall Who Paid the Price
    Inside the Trump Family’s $1.2B Crypto Windfall: Who Paid the Price?
    MiCA Deadline Hits Top Safe Crypto Platforms for EU Users in July 2026
    MiCA Deadline Hits: Top Safe Crypto Platforms for EU Users in July 2026
    MSTR, STRC, and Michael Saylor’s Pragmatic Turn Strengthening Credit in a Volatile Bitcoin Era
    MSTR, STRC, and Michael Saylor’s Pragmatic Turn: Strengthening Credit in a Volatile Bitcoin Era
  • Opinion
    OpinionShow More
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Verus-Ethereum Bridge’s $11.58M Breach Revives Fears Over Cross-Chain Risks

Security firm Blockaid says the Verus bridge exploit exposed a flaw that failed to verify whether transferred assets were fully backed on the source chain.

Written By Kenrodgers Fabian Kenrodgers Fabian
Fact Checked by Divya Mistry Divya Mistry
Published 2026-05-18·Updated 2 months ago
Make The Crypto Times preferred on GoogleGoogle
Share
Verus Bridge $11.58M Breach Revives Fears Over Cross-Chain Risks
Show AI Summary
Hackers exploited a weakness in Verus Ethereum bridge’s cross-chain verification system, resulting in a loss of nearly $11.58 million
The breach led to the theft of 1,625 ETH, 103.6 tBTC, and roughly 147,000 USDC, exacerbating concerns over security risks in the decentralized finance sector
The attack was made possible by a structural issue in the bridge’s validation process, allowing fraudulent withdrawals to pass security checks with minimal fees of around $10

Hackers drained nearly $11.58 million from the Verus-Ethereum bridge after exploiting a weakness in the platform’s cross-chain verification system, according to blockchain security firm Blockaid. The attack emptied large amounts of ETH, tBTC, and USDC from the bridge, adding to growing concerns over security risks in the decentralized finance sector after a series of major crypto breaches this year.

Blockaid detected the suspicious activity through its monitoring system before disclosing the exploit on X. Security firm PeckShield also later confirmed that attackers stole 1,625 ETH, 103.6 tBTC, and roughly 147,000 USDC. 

🚨 Community alert:
Blockaid's exploit detection system has identified an on-going exploit on the @veruscoin Verus-Ethereum Bridge (https://t.co/HEwYZqFEfC).
~$11.58M drained so far.

More details in🧵

— Blockaid (@blockaid_) May 18, 2026

Investigators said the breach did not involve stolen private keys or compromised cryptography. Instead, attackers manipulated a weakness in the bridge’s validation process, allowing fraudulent withdrawals to pass security checks. Blockaid also linked the exploit to structural issues seen in the 2022 Wormhole and Nomad bridge attacks.

Validation gap opened the door

According to Blockaid’s findings, the exploit stemmed from what it described as a “source-destination economic-value binding gap,” meaning the bridge failed to properly confirm whether transferred assets were actually backed by funds on the originating chain.

According to the security firm, the attacker built a 0.02 VRSC transaction containing manipulated export data that pointed to a valid payout hash without including matching reserve balances. Because the transaction technically followed protocol rules, Verus notaries approved and signed the state root. The attacker later submitted the fraudulent import request on Ethereum, where the bridge validated the transaction data and automatically released the assets. As a result, the attacker drained millions of dollars while spending only a minimal amount of ~$10 in VRSC fees.

Blockaid said the exploit did not involve compromised notary keys, an ECDSA bypass, or a parser/hash-binding bug. Instead, the bridge lacked an important source-side balance verification step known as “checkCCEValues.” (fixable with ~10 lines of Solidity).  

DeFi security pressure intensifies

The Verus exploit came only days after THORChain halted trading following a separate security breach involving protocol-owned funds. THORChain later said the incident did not affect user balances, but warned the community about fake refund schemes and impersonation accounts spreading across social media platforms.

The latest attack adds to a growing wave of security incidents across decentralized finance this year. Data from DeFiLlama shows that hackers targeted 12 DeFi protocols in May 2026 alone, with total losses already surpassing $20 million. The industry suffered even heavier damage in April, when exploits drained more than $606 million, including the massive KelpDAO bridge breach.

At the same time, cybersecurity researchers are warning that crypto attacks could become more sophisticated as hackers increasingly use artificial intelligence to identify vulnerabilities. Google’s Threat Intelligence Group recently disclosed what it described as the first AI-assisted zero-day exploit tied to criminal activity, raising new concerns for blockchain networks and cross-chain infrastructure.

Also Read: Weekly Wrap: CLARITY Act Clears Committee, THORChain Exploit, Bitcoin ETFs Lose $868M

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News
Google News Banner

TAGGED:Crypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link
Fabian is Crypto Journalist at The Crypto Times
By Kenrodgers Fabian
Follow:
Kenrodgers Fabian is a Crypto Journalist at The Crypto Times, based in Kenya. He reports on high-profile global financial fraud, investment scams, phishing schemes, and cross-chain protocol exploits. His coverage heavily tracks systemic crypto vulnerabilities, ecosystem security breaches, and central bank shifts toward stablecoins and tokenized finance infrastructure. All investigative coverage on crypto cybercrimes and security events passes through his desk before publication. His four years in fast-paced crypto media have shaped his structured approach to deciphering malicious smart contracts, verifying data-heavy fraud cases, and providing accurate reporting on digital currency risks.
Divya Mistry
By Divya Mistry
Follow:
Divya Mistry is the Senior Editor at The Crypto Times. She leads the central editorial desk, overseeing the review and publication of policy analyses, investigative reports, exchange coverage, and protocol exploit stories. Her editorial remit spans digital asset markets, global exchange operations, cross-border digital asset settlements, regulatory developments, and other key developments shaping the cryptocurrency industry. Divya brings more than a decade of experience in editorial strategy, content development, public relations, marketing communications, and research. Before joining The Crypto Times, she worked across multiple sectors, including finance, technology, education, healthcare, real estate, entertainment, lifestyle, and vertical transport, contributing to both digital and print publications. Her research and content work has been featured on platforms including DNA India, Zee, Forbes, and Elevator World India. She holds a Master's degree in English Literature from the University of Mumbai. Drawing on her background in long-form publishing, research, and editorial leadership, she reviews and refines complex stories to ensure accuracy, clarity, and strong editorial standards before publication.

Latest News

Justin Sun's TRON Activates Quantum-Resistant Signatures on Nile Testnet
Justin Sun’s TRON Activates Quantum-Resistant Signatures on Nile Testnet
Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
US Users Pour $571M Into Polymarket’s Political Markets Despite Geo-Block
US Users Pour $571M Into Polymarket’s Political Markets Despite Geo-Block
Ireland Seizes Another 500 BTC From Drug Dealer's Lost Wallets, Total Worth $90M
Ireland Seizes Another 500 Bitcoin From Clifton Collins’ Lost Wallets, Total Worth $90M
Bitcoin Climbs 6% While MSTR Surged Over 23% — Is Michael Saylor’s Plan Finally Paying Off?
Bitcoin Climbs 6% While MSTR Surged Over 23% — Is Michael Saylor’s Plan Finally Paying Off?

Find Us on Socials

You may also like

Hinkal Protocol Exploited 450+ ETH Laundered via Tornado Cash & THORChain

Hinkal Protocol Exploited: $820K Laundered via Tornado Cash & THORChain

Velocity Defends Drift Rebrand After $295M Crypto Exploit

Velocity Defends Drift Rebrand After $295M Crypto Exploit

Polygon Shuts Down Its Once-Flagship $250M zkEVM on July 1

Polygon Shuts Down Its Once-Flagship $250M zkEVM on July 1

Edel Finance Hacked $403K Stolen as Attacker Moves Funds to Tornado Cash

Edel Finance Hacked: $403K Stolen as Attacker Moves Funds to Tornado Cash

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information