On Monday, the Verus protocol’s Ethereum bridge was reportedly exploited via a phony cross-chain transfer message that allowed a hacker to fraudulently transfer at least $11.58 million worth of cryptocurrency.
Onchain Blockaid security platform he said on Monday in Post X that its detection system identified an ongoing exploit on the Verus-Ethereum bridge and shared a transaction on Etherscan showing the transfer of 1,625 Ether (ETH), 147,659 USDC (USDC), and 103.57 tBTC v2 worth over $11.5 million.
Blockchain security company also PeckShield called the transfer is an exploit and onchain data shows that the funds have since been converted to Ether. The wallet shows a balance of 5,402 Ether worth over $11.4 million, According to to Etherscan.
Cointelegraph asked Verus for comment. At the time of publication, the protocol had not publicly confirmed the exploit.
Source: Blockade
In the first quarter of 2026, cryptocurrency hackers stole over $168.6 million worth of cryptocurrencies from 34 decentralized finance protocols. April saw the two largest breaches of the year so far: the $280 million Drift Protocol exploit earlier in the month and the $292 million Kelp exploit.
The exploit was likely caused by false transfer instructions
Blockaid said the Verus Protocol incident is similar to the $190 million Nomad Bridge exploit and the 2022 $325 million Wormhole exploit.
The attacker exploited Ethereum’s Verus Bridge, tricking the protocol into thinking the transfer instructions were real, which caused the bridge to send funds from its reserves to the attacker’s wallet, Blockaid said.
“This is NOT an ECDSA bypass. This is NOT a notarial key compromise. This is NOT a parser/hash binding bug. THIS is a missing source amount validation in checkCCEValues - ~10 lines of Solidity to fix,” he added.
Blockchain security provider ExVul has come to a similar conclusion and he said the attacker used a “spoofed cross-chain import payload” that passed a “bridge verification flow” and resulted in “three attacker-related transfers to the drain wallet.”
Related: Aethir suspends the exploit of the bridge and promises compensation for the loss of PLN 90,000. dollars
“Cross-chain import proofs must associate each downstream transfer effect with authenticated payload data before execution,” the blockchain security provider said, adding that “Bridges should add strict verification of the payload to execution, deep protection around proof verification, and pause outbound flows when anomalous imports are detected.”
The incident comes after THORChain confirmed on Saturday that it had fallen victim to a $10 million exploit.
Warehouse: Legal battle over who can claim stolen DeFi millions
