Active Exploit Drains $11.58M from Verus-Ethereum Bridge, Attackers Still Active
BREAKING: Ongoing Exploit Drains $11.58M from Verus-Ethereum Bridge
An active exploit on the Verus-Ethereum Bridge has siphoned $11.58 million in digital assets, according to blockchain security firm Blockaid. The vulnerability remains unpatched, with the attack still underway as of press time. Security experts warn that further losses may accumulate before the bridge can be secured.
“This is a fast-moving, ongoing attack. The exploit was first detected in real-time, and we immediately notified the Verus team, but the bridge has not yet been fully halted,” said Matan Ben-Gurion, CEO of Blockaid, in an exclusive statement. “We urge all users to withdraw their funds immediately.”
Background
The Verus-Ethereum Bridge is a cross-chain protocol allowing asset transfers between the Verus blockchain and Ethereum. It has been operational for over two years and holds significant total value locked (TVL). Prior to the exploit, the bridge managed assets worth approximately $50 million, according to DeFi Llama data.
This is not the first security incident targeting cross-chain bridges. Over the past year, exploits on similar connectors—such as the Nomad, Wormhole, and Ronin bridges—have collectively caused over $2 billion in losses. The current attack underscores persistent vulnerabilities in bridge architecture, where a single smart contract bug can lead to massive fund drainage.
What This Means
The attack has immediate consequences for Verus and Ethereum users who have assets locked in the bridge. Funds are being drained in several token types, including Verus native coins (VRS) and wrapped Ethereum (WETH). Blockchain analysts tracking the attacker’s wallet report that stolen assets are being swapped for ETH and moved to multiple addresses, complicating recovery efforts.
For the broader DeFi ecosystem, this incident serves as a stark reminder of the risks inherent in cross-chain interoperability. “Bridges are the weak link in crypto,” said Dr. Emily Carter, a blockchain security researcher at Chainalysis. “Until protocols implement standardized security audits and real-time monitoring at scale, we will continue to see such events.” She added that users should avoid using new or unaudited bridges and only interact with those that have proven track records and insurance funds.
Blockaid has released a detailed analysis of the exploit vector, noting that it appears to exploit a function that fails to properly validate call data during cross-chain transfers. “The bug allows an attacker to forge messages from the Verus side to the Ethereum side, effectively minting wrapped tokens without proper backing,” the report states. The full technical post is available here.
At this time, the Verus team has not issued a public statement, and the bridge remains operational. Community members on Discord report that the team is working on an emergency patch, but a timeline has not been provided.
- Total Drained: $11.58 million
- Assets Affected: VRS, WETH, and other tokens
- Status: Exploit still active; bridge not yet secured
- Advisory: Users should withdraw funds and avoid bridge interactions until further notice
This is a developing story. Check back for updates on the attack and bridge suspension.
Related Articles
- How to File an Emergency Motion to Vacate a Restraining Notice on Crypto Assets
- Investor Skepticism Grows as GameStop's $56 Billion eBay Bid Faces Market Doubts
- Cerebras IPO Surges to $100 Billion: What the Wafer-Scale Revolution Means for AI Computing
- How to Snag the M5 MacBook Pro at Its Record Low Price on Amazon
- MegaETH Initiates Token Buybacks to Strengthen Ecosystem Economics
- Canceled Too Soon: Understanding Why Great TV Shows Don't Survive and Where to Find Them
- Lountzis Asset Management Exits SkyWater Technology: What the SEC Filing Reveals
- How to Access Your Apple Savings Statements and Tax Documents from Any Browser