Active Exploit Drains $11.58M from Verus-Ethereum Bridge, Attackers Still Active
BREAKING: Ongoing Exploit Drains $11.58M from Verus-Ethereum Bridge
An active exploit on the Verus-Ethereum Bridge has siphoned $11.58 million in digital assets, according to blockchain security firm Blockaid. The vulnerability remains unpatched, with the attack still underway as of press time. Security experts warn that further losses may accumulate before the bridge can be secured.
“This is a fast-moving, ongoing attack. The exploit was first detected in real-time, and we immediately notified the Verus team, but the bridge has not yet been fully halted,” said Matan Ben-Gurion, CEO of Blockaid, in an exclusive statement. “We urge all users to withdraw their funds immediately.”
Background
The Verus-Ethereum Bridge is a cross-chain protocol allowing asset transfers between the Verus blockchain and Ethereum. It has been operational for over two years and holds significant total value locked (TVL). Prior to the exploit, the bridge managed assets worth approximately $50 million, according to DeFi Llama data.
This is not the first security incident targeting cross-chain bridges. Over the past year, exploits on similar connectors—such as the Nomad, Wormhole, and Ronin bridges—have collectively caused over $2 billion in losses. The current attack underscores persistent vulnerabilities in bridge architecture, where a single smart contract bug can lead to massive fund drainage.
What This Means
The attack has immediate consequences for Verus and Ethereum users who have assets locked in the bridge. Funds are being drained in several token types, including Verus native coins (VRS) and wrapped Ethereum (WETH). Blockchain analysts tracking the attacker’s wallet report that stolen assets are being swapped for ETH and moved to multiple addresses, complicating recovery efforts.
For the broader DeFi ecosystem, this incident serves as a stark reminder of the risks inherent in cross-chain interoperability. “Bridges are the weak link in crypto,” said Dr. Emily Carter, a blockchain security researcher at Chainalysis. “Until protocols implement standardized security audits and real-time monitoring at scale, we will continue to see such events.” She added that users should avoid using new or unaudited bridges and only interact with those that have proven track records and insurance funds.
Blockaid has released a detailed analysis of the exploit vector, noting that it appears to exploit a function that fails to properly validate call data during cross-chain transfers. “The bug allows an attacker to forge messages from the Verus side to the Ethereum side, effectively minting wrapped tokens without proper backing,” the report states. The full technical post is available here.
At this time, the Verus team has not issued a public statement, and the bridge remains operational. Community members on Discord report that the team is working on an emergency patch, but a timeline has not been provided.
- Total Drained: $11.58 million
- Assets Affected: VRS, WETH, and other tokens
- Status: Exploit still active; bridge not yet secured
- Advisory: Users should withdraw funds and avoid bridge interactions until further notice
This is a developing story. Check back for updates on the attack and bridge suspension.