Hacker Steals Over $11M From Verus-Ethereum Bridge

Hackers have reportedly drained $11.58 million from the Verus-Ethereum bridge.

In keeping with alerts from numerous blockchain safety platforms, the exploit hit considered one of Verus’ cross-chain bridge contracts and emptied reserves containing ETH, tBTC, and USDC.

How the Assault Labored

Two of the companies, CertiK and PeckShield, flagged suspicious exercise from the bridge contract at 0x71518580…cd7f63 inside hours of the exploit.

Per their posts on X, the stolen belongings totaled 1,625 ETH, 103.56 tBTC, and 147,000 USDC, with the attacker shortly swapping the whole lot into roughly 5,402 ETH and parking the funds in a separate pockets.

One other on-chain safety agency, Blockaid, printed a technical breakdown shortly after, and it’s the clearest account of what went flawed.

In keeping with them, the bridge accurately checked three issues: a notarized Verus state root signed by eight of fifteen notaries, a Merkle proof of the cross-chain export, and a hash binding confirming the integrity of the switch knowledge. Nonetheless, what it didn’t test was whether or not the source-chain export’s acknowledged quantities truly matched what it was about to pay out.

The attacker reportedly constructed a transaction on the Verus aspect for roughly 0.02 VRSC, which is about $0.01 at present costs, that dedicated a keccak hash of a payout blob whereas itemizing empty source-side totals. The Verus protocol accepted it as respectable, and the notaries signed the ensuing state root with out problem, as a result of from their perspective, nothing was flawed.

On the Ethereum aspect, the attacker referred to as submitImports() with a serialized switch blob whose hash matched the dedicated worth, so the bridge verified the hash, decoded the blob, and paid out 1,625 ETH, 103 tBTC, and 147,000 USDC from its reserves to the attacker.

In a nutshell, it price the attacker about $10 in VRSC charges for a return of $11.58 million. Per the Blockaid report, there was no ECDSA bypass, no compromise of notary keys, and no parser or hash-binding bug.

The vulnerability was a lacking source-amount validation in a perform referred to as “checkCCEValues,” which, in line with the safety agency, would take round ten traces of Solidity to repair.

Bridge Exploits Are on the Rise

Final month, in line with Certik, the broader crypto sector misplaced greater than $650 million to unhealthy actors, with an enormous chunk of that quantity coming from simply two incidents: an assault on KelpDAO that led to the theft of greater than $292 million and one other on Drift Protocol, which misplaced over $285 million.

Bridges are additionally being more and more focused, with the Verus exploit being the eighth incident involving such platforms this yr, and in line with PeckShield, their attackers have made off with at the least $328 million.

In the meantime, wanting on the market, VRSC, the Verus native token, didn’t appear to have reacted to the information of the exploit. Knowledge from CoinGecko reveals that it was largely flat on the day of the hack, having barely moved within the 24-hour window heading into the assault.

On the time of writing, it was buying and selling at round $0.75, down 6% in 30 days, whereas within the final yr it has misplaced near 73% of its worth.

The submit Hacker Steals Over $11M From Verus-Ethereum Bridge appeared first on CryptoPotato.

HOT news

Related posts

Latest posts

Worrying Ripple and Ethereum Indicators, Latest Pi Community Updates: Bits Recap July 3

The cryptocurrency market has proven indicators of a revival over the previous few days, but Ripple’s XRP and Ethereum (ETH) nonetheless don’t appear to...

PlayStation simply struck a hammer blow to recreation preservation

Killing recreation discs is an anti-consumer transfer that solely advantages Sony.

Solana Prompts On-Chain Governance as SOL Good points 15%; LiquidChain L3 Presale Approaches $1M

Friday, 3 July 2026 – LiquidChain is right here as Solana launched a proper on-chain governance system, introducing structured group decision-making to the high-throughput...

Donald Trump Defends $1.2B Crypto Earnings: ‘Nothing Unlawful, Nothing Unsuitable’

US President Donald Trump defended his household’s crypto earnings throughout a CNBC interview, saying there was “nothing unlawful” and “nothing mistaken” with the companies...

This XRP Sign Has By no means Seemed Worse, However is That the Setup? (Analyst)

XRP climbed roughly 5% over the previous 24 hours, which helped the token reclaim the $1.10 stage. Regardless of the short-term restoration, it stays...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!