{"id":97172,"date":"2026-05-18T09:55:33","date_gmt":"2026-05-18T06:55:33","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=97172"},"modified":"2026-05-18T10:04:35","modified_gmt":"2026-05-18T07:04:35","slug":"hackers-extract-11-5-million-from-verus-protocol","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hackers-extract-11-5-million-from-verus-protocol\/","title":{"rendered":"Hackers Extract $11.5 Million from Verus Protocol"},"content":{"rendered":"<p>The DeFi protocol Verus has suffered a loss of approximately $11.5 million following an attack on its <a href=\"https:\/\/forklog.com\/en\/news\/what-are-cross-chain-bridges\">cross-chain bridge<\/a> with Ethereum. This was reported by cybersecurity experts from Blockaid, PeckShield, and GoPlus.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udd0e Verus-Ethereum Bridge $11.58M drain \u2014 Suspected root cause<\/p>\n<p>Same class as Wormhole-2022 \/ Nomad-2022: source \u2194 destination economic-value binding gap.<\/p>\n<p>What the bridge correctly verifies:<br \/>\u2713 Notarized Verus state root (8\/15 valid notary sigs, all cryptographically sound)<br \/>\u2713\u2026<\/p>\n<p>\u2014 Blockaid (@blockaid_) <a href=\"https:\/\/twitter.com\/blockaid_\/status\/2056212703371251851?ref_src=twsrc%5Etfw\">May 18, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to PeckShield, the hacker extracted 103.6 tBTC, 1625 ETH, and 147,000 USDC, subsequently exchanging the assets for 5402 ETH. At the time of publication, the funds remain in the attacker&#8217;s wallet.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> The <a href=\"https:\/\/twitter.com\/VerusCoin?ref_src=twsrc%5Etfw\">@veruscoin<\/a> Verus-Ethereum Bridge has been drained for 103.6 <a href=\"https:\/\/twitter.com\/search?q=%24tBTC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$tBTC<\/a>, 1.625K <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a>, and 147K <a href=\"https:\/\/twitter.com\/search?q=%24USDC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$USDC<\/a>.<\/p>\n<p>The exploiter swapped the stolen assets for 5,402.4 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> (~$11.4M), which currently sits in 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9.<\/p>\n<p>The attacker\u2019s address\u2026 <a href=\"https:\/\/t.co\/DK0CDUAcqb\">https:\/\/t.co\/DK0CDUAcqb<\/a> <a href=\"https:\/\/t.co\/NMa8abhaTH\">pic.twitter.com\/NMa8abhaTH<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/2056194168385642881?ref_src=twsrc%5Etfw\">May 18, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The attacker obtained funds for transaction fees through the mixer <a href=\"https:\/\/forklog.com\/en\/news\/what-is-the-tornado-cash-mixer-and-why-was-it-sanctioned\">Tornado Cash<\/a> 14 hours before the breach.<\/p>\n<p>GoPlus experts explained that the attacker sent a low-cost transaction and triggered a contract function to withdraw reserves en masse. The incident is likely attributed to a vulnerability in the withdrawal logic or signature forgery during cross-network message verification.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"zh\" dir=\"ltr\">\ud83d\udea8GoPlus Security Alert: <a href=\"https:\/\/twitter.com\/VerusCoin?ref_src=twsrc%5Etfw\">@veruscoin<\/a> Verus-Ethereum Bridge attacked, losing about $11.5 million<\/p>\n<p>The attacker moved large assets (1,625 ETH + 103.57 tBTC + 147k USDC) from the Ethereum side in a single transaction via the bridge contract.<\/p>\n<p>This is another typical case of bridge-related attacks in 2026, with previous losses from Kelp DAO, Hyperbridge, etc., amounting to hundreds of millions of dollars. \u2026 <a href=\"https:\/\/t.co\/SB7JmfHggl\">pic.twitter.com\/SB7JmfHggl<\/a><\/p>\n<p>\u2014 GoPlus\u4e2d\u6587\u793e\u533a (@GoPlusZH) <a href=\"https:\/\/twitter.com\/GoPlusZH\/status\/2056186563210662298?ref_src=twsrc%5Etfw\">May 18, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The developers of Verus have not commented on the situation. The bridge between the Verus and Ethereum networks was launched in October 2023. The protocol itself has been operational since 2018, focusing on user privacy.<\/p>\n<p>The decentralized finance industry frequently encounters such threats. The total amount of funds locked in DeFi and lost due to hacks exceeds $7.7 billion.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/img-c787ece433fa5597-4688521163799277.webp\" alt=\"Screenshot 2026-05-18 092535\" class=\"wp-image-280082\"\/><figcaption class=\"wp-element-caption\">Source: <a href=\"https:\/\/defillama.com\/hacks\">DefiLlama<\/a>.<\/figcaption><\/figure>\n<p>Cross-chain bridge vulnerabilities account for over $3.2 billion in losses.<\/p>\n<p>Back in April, Kelp <a href=\"https:\/\/forklog.com\/en\/news\/kelp-and-aave-begin-asset-recovery-after-hack\">was hacked<\/a>, allegedly by the Lazarus Group. The incident was the largest in the DeFi sector since the beginning of the year.<\/p>\n<p>In May, attackers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-extract-10-million-from-thorchain\">extracted<\/a> $10 million from the cross-chain protocol THORChain. The project&#8217;s developers <a href=\"https:\/\/forklog.com\/en\/news\/thorchain-team-reveals-details-of-10-million-hack\">confirmed<\/a> the hack and denied the launch of a compensation program.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The DeFi protocol Verus has suffered a loss of approximately $11.5 million following an attack on its cross-chain bridge with Ethereum, cybersecurity experts reported.<\/p>\n","protected":false},"author":1,"featured_media":97173,"comment_status":"open","ping_status":"open","sticky":true,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Verus lost $11.5M in a cross-chain bridge attack with Ethereum.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1093],"class_list":["post-97172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"10","promo_type":"1","layout_type":"1","short_excerpt":"Verus lost $11.5M in a cross-chain bridge attack with Ethereum.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=97172"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97172\/revisions"}],"predecessor-version":[{"id":97174,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97172\/revisions\/97174"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/97173"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=97172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=97172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=97172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}