Verus Ethereum Bridge Reportedly Suffers from $11.5 Million DeFi Hack

Fake cross-chain transfer message reportedly triggered the exploit.

Advertisement
Written by Rahul Dhingra, Edited by Rohan Pal | Updated: 18 May 2026 15:50 IST
Highlights
  • Attacker reportedly bypassed the bridge verification process
  • Exploit involved ETH, USDC, and tBTC v2 transfers
  • Funds later swapped into Ether, security firms say

On-chain data showed funds transferred through a forged bridge payload

Photo Credit: Unsplash/rc.xyz NFT gallery

Verus Protocol's Ethereum bridge was reportedly exploited on Monday. The incident happened when a hacker was able to fraudulently transfer out at least $11.5 million (roughly Rs. 110 crore) in cryptocurrency through a fake cross-chain transfer message. On-chain security platform Blockaid stated that its detection system had caught this ongoing exploit on the Verus-Ethereum bridge, which includes a transaction on Etherscan showing a transfer of 1,625 Ether (ETH), 147,659 USDC (USDC), and 103.57 tBTC v2. Blockade added that this incident is a resemblance of the $190 million (roughly Rs. 1,829 crore) Nomad Bridge exploit and the $325 million (roughly Rs. 3,129 crore) Wormhole exploit in 2022. 

Security Firms Say Funds Were Swapped Into Ether After Exploit

Etherscan shows the wallet has a balance of 5,402 Ether, worth more than $11.4 million (roughly Rs. 110 crore). While blockchain security firm PeckShield also described the transfer as an exploit, with on-chain data showing the funds have since been swapped for Ether. Blockaid further added that the attacker exploited the protocol by duping them into believing the transfer instructions were real, causing the bridge to send funds from its reserves to the attacker's wallet.

Advertisement

ExVul, a blockchain security provider, also arrived at a similar conclusion and said that the attacker used a “forged cross-chain import payload” that went past the bridge's verification flow and resulted in “three attacker-attached transfers to the drainer wallet.” “Cross-chain import proofs must bind every downstream transfer effect to authenticated payload data before execution,” the blockchain security provider further added that “Bridges should add strict payload-to-execution validation, defense in depth around proof verification and pause outbound flows when anomalous imports are detected.”

DeFi platforms and security bridges have been under threat of security breaches for a very long time now. In April, security researcher Taylor Manonan claimed that North Korean IT workers have been infiltrating DeFi platforms for the past 7 years. This includes over 40 DeFi platforms. She further added that seven years of DeFi experience on their resumes is not a lie, cause they have built all the critical protocols that run on each of these DeFi platforms. This data revelation came hours after the Drift Protocol disclosed a $280 million (roughly Rs. 2,696 crore) exploit, which also had a DPRK group behind it. 

Advertisement

Another protocol that fell victim to such fraudulent activities was Kelp DAO, which suffered a loss of $293 million (roughly Rs. 2,821 crore). Following this attack, DeFi protocols came together in an attempt to restore the backing of Restaked Ether (rsETH) that was lost due to this hack. The Decentralised platform Aave has called this effort “DeFI United”. Crypto protocols involved also include Mantle, EtherFi Foundation, Golem Foundation, Lido DAO, Ethena, LayerZero, Ink Foundation, and Tyrdo. 

Cryptocurrency is an unregulated digital currency, not a legal tender and subject to market risks. The information provided in the article is not intended to be and does not constitute financial advice, trading advice or any other advice or recommendation of any sort offered or endorsed by NDTV. NDTV shall not be responsible for any loss arising from any investment based on any perceived recommendation, forecast or any other information contained in the article.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Amazon Prime Day Sale: Early Deals on Smartphones From Top Brands Revealed
  2. Amazon Prime Day 2026 Sale: Top Deals on Smartphones Under Rs. 50,000
  3. Moto G77 Power Will Launch in India on This Date
  4. Here's Our First Look of the Nothing Phone 4b 'RCB Edition' Variant
  5. OTT Releases This Week: Elle, Super Subbu, Enola Holmes 3, and More
  6. Oppo Reno 16, Reno 16c Make Their Debut in India at These Prices
  7. Call of Duty: Modern Warfare 3 Is Coming to PS Plus in July
  1. PS Plus Monthly Games for July Include Call of Duty: Modern Warfare 3, For the King 2 and CrossCode
  2. Nothing Phone 4b RCB Edition Design, Colour Revealed Days Ahead of Debut
  3. Garmin Forerunner 70, Forerunner 170, Forerunner 170 Music Launched in India With 1.2-Inch Display, Up to 13 Days Battery Life
  4. Redmi Note 17 Series Launch Timeline Teased, Company Touts Display Upgrades and Longer Battery Life
  5. Lava Probuds T51, Xscape 13° Neckband With Up to 70 Hours Battery Life Launched in India: Price, Features
  6. Best Noise Cancellation Headphones in India to Buy This Amazon Prime Day: boAt Rockerz 650 Pro, JBL Tune 520 BT and More
  7. Oppo Enco Air 5 With Up to 52dB ANC, Up to 54 Hours Battery Launched in India: Price, Features
  8. Apple Reportedly Cuts iPhone 17 Series Production Plans by 15 Percent as Demand Softens
  9. Moto G77 Power Set to Launch in India Next Week; Price Range, Specifications Revealed
  10. CMF's Himanshu Tandon Announces Exit Weeks After Firm Confirms 2026 Phone Strategy
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.