After blockchain security company Blockaid discovered an ongoing attack on the Verus-Ethereum Bridge, the cryptocurrency market became aware of yet another significant bridge exploit. The protocol has already lost around $11.58 million, according to many on-chain security trackers.

As the attacker allegedly altered the bridge's transfer logic and turned the stolen money into ETH in a matter of hours, the hack immediately gained attention in DeFi circles. PeckShield and GoPlus security researchers have now charted the attack's course, the money's movement, and the reasons why this exploit is raising concerns about cross-chain bridge security once more.

• How the Verus-Ethereum Bridge Exploit Started
• The Transaction Pattern That Triggered the Drain
• Tornado Cash Funding Added More Suspicion
• Why This Exploit Matters Beyond Verus

How the Verus-Ethereum Bridge Exploit Started

Blockaid initially made the hack public after its monitoring system identified questionable Verus-Ethereum Bridge activity. The platform calculated losses at approximately $11.58 million at the time of the alert.

The original attacker wallet was linked by investigators to the address that starts with "0x5aBb," and the money that was drained was then moved into a different wallet that ends in "C25F9." The exploit primarily targeted reserve assets housed under the bridge contract. The stolen assets, according to security researchers, included:

Following the theft, the attacker quickly converted the funds into about 5,402 ETH, which at the time of the exploit was worth about $11.4 million.

• 103.6 tBTC
• 1,625 ETH
• 147,000 USDC

The pace of execution was what experts saw right away. The bridge was not steadily drained over several transactions by the attacker. Rather, the exploit targeted the bridge reserves almost immediately after the vulnerability was activated and seemed to be highly automated.

The Transaction Pattern That Triggered the Drain

GoPlus, a security company, offered one of the more thorough explanations of the attack path. The attacker allegedly started the vulnerability with a low-value transaction aimed at the bridge contract, according to its results.

A particular function within the bridge contract was purportedly triggered by that seemingly innocuous transaction, which in turn caused a batch transfer of reserve assets straight into the attacker's wallet. Researchers think that vulnerabilities in access control logic, withdrawal verification, or cross-chain message validation could be linked to the hack.

The incident has already been likened to some of the most destructive bridge attacks in the history of cryptocurrency, such as the Wormhole Bridge Exploit and the Nomad Bridge Exploit. In those assaults, bridge contracts were persuaded to release funds they should never have authorised via falsified or incorrectly authenticated cross-chain messages.

Within DeFi, this trend is becoming more and more common. Large liquidity pools are frequently stored on cross-chain bridges, and the whole reserve base can be exposed in a single exploit window by a single flaw in the verification mechanism.

Tornado Cash Funding Added More Suspicion

The attacker's financial trail was another significant piece of information found throughout the investigation. About 14 hours before the start of the exploit, the exploit wallet got 1 ETH via Tornado Cash.

Because Tornado Cash is often used to obfuscate wallet origins and disrupt transaction trails before the execution of big exploits, that detail immediately raised suspicions. This funding pattern, according to analysts, is similar to the actions observed in a number of significant DeFi attacks during the previous two years.

In order to keep an eye on whether ETH is transferred through further mixers, exchanges, or cross-chain protocols, blockchain investigators are currently aggressively tracking the attacker wallets. The stolen ETH still seemed to be within the drainer wallet that Blockaid had discovered at the time the exploit details were made public.

Notably, after the exploit reports emerged, the Verus team published an official post-mortem or public recovery plan.

Source: Verus

Why This Exploit Matters Beyond Verus

The Verus-Ethereum Bridge vulnerability is not thought to be an isolated event. It comes at a time when several scholars have already declared this to be one of the worst years ever for DeFi security breaches.

DeFi has already lost hundreds of millions of dollars in 2026 due to recent bridge-related shenanigans. The Drift Protocol Exploit and the huge KelpDAO Exploit were cited by analysts as examples of the ongoing vulnerability of bridge verification methods.

Developers are more concerned about structural than isolated coding errors. A lot of bridge systems still rely on message infrastructure that relies heavily on trust, limited signature verification, or centralised or weak validator assumptions. Attackers can successfully persuade a protocol to release assets without valid deposits supporting the withdrawals if those presumptions are not met.

For this reason, the Verus exploit is attracting interest outside of the project itself. The attack, according to researchers, shows that cross-chain infrastructure is still one of the most vulnerable layers in decentralised finance, particularly when sizable reserve pools are supported by a single validation mechanism.

If you find any issues in this article or notice missing information, please feel free to reach out at team@etherworld.co for clarifications or updates.

To promote your Web3 articles, events, and projects, you may reach out anytime via EtherWorld PR for submissions and collaboration.

Related Articles

1. THORChain Halts Trading After $10.7M Vault Compromise
2. UAE Approves Crypto.com for Government Fee Payments
3. BlackRock Expands Ethereum Push With Tokenized Treasury Funds
4. KelpDAO Exits LayerZero After Massive $292M Exploit
5. Solana & XRP ETFs Outshine Bitcoin Funds

To follow blockchain news, track Ethereum protocol progress, and read our latest stories, subscribe to our weekly today.