Another cross-chain bridge has been drained. The Verus-Ethereum Bridge lost approximately $11.58 million. On May 17-18, 2026, in an exploit first flagged by Blockaid’s real-time detection system and confirmed by PeckShield. The attacker drained 103.6 tBTC, 1,625 ETH, and 147,000 USDC from the bridge’s reserves. All stolen funds were immediately swapped into 5,402.4 ETH. It is worth roughly $11.4 million and consolidated into a single wallet address. The attacker’s initial funding came from Tornado Cash approximately 14 hours before the drain. Crypto hack news in 2026 keeps returning to the same vulnerability class. And the Verus-Ethereum Bridge exploit is its clearest example yet.
The technical root cause is what makes this attack particularly alarming. Blockaid’s analysis confirmed this was not a key compromise. Not a signature bypass. Not a hash collision. The bridge verified everything it was designed to verify. It notarized Verus state roots, Merkle proofs, and hash commitments. It just never checked whether the source-chain transaction actually backed the payouts with real value.
Verus-Ethereum Bridge $11.58M drain – Suspected root cause
Same class as Wormhole-2022 / Nomad-2022: source
destination economic-value binding gap.
What the bridge correctly verifies:
✓ Notarized Verus state root (8/15 valid notary sigs, all cryptographically sound)
✓…— Blockaid (@blockaid_) May 18, 2026
The attacker built a transaction spending approximately $10 worth of VRSC fees. That transaction committed to a payout blob with empty source-side totals. With zero real value locked on the Verus-Ethereum Bridge side. Verus protocol accepted the transaction as legitimate. Eight of fifteen notaries cryptographically signed the resulting state root. The attacker then submitted that signed proof to the Ethereum bridge contract via submitImports().
The bridge verified the proof. Decoded the blob and paid out $11.58 million from its reserves. Blockaid described the fix with stark simplicity. Approximately ten lines of Solidity in the checkCCEValues function. That would have prevented the entire attack by validating that source-chain export totals actually backed the requested payouts.
Ethereum news from the 2022 bridge era is repeating itself. Blockaid directly compared this exploit to the Wormhole and Nomad bridge hacks. Both of which exploited source-destination economic-value binding gaps rather than cryptographic failures. The Verus-Ethereum Bridge exploit follows the same architecture: valid proofs, invalid economics, catastrophic payout. The attacker EOA address 0x5aBb…D5777 initiated the exploit transaction. The drainer wallet 0x65Cb…C25F9 currently holds the consolidated ETH proceeds. Both addresses are publicly trackable on Etherscan.
For crypto hack news followers and bridge users, the Verus-Ethereum Bridge exploit reinforces a critical lesson. Cryptographic validity and economic validity are not the same thing. A bridge can verify every signature correctly and still pay out funds that were never deposited. For Ethereum developers building cross-chain infrastructure, Blockaid’s root cause analysis is required reading.
Every bridge implementation needs explicit validation that source-chain locked value matches destination-chain payout amounts, independently of proof verification. This is because proof correctness guarantees the message is authentic, but it does not guarantee the economics are sound. In other words, a valid proof does not automatically mean a valid transaction. Ultimately, that specific security gap just cost the Verus-Ethereum Bridge $11.5 million.
The post Verus-Ethereum Bridge Loses $11.5M as Attacker Swaps All Funds to ETH appeared first on Coinfomania.
The trial’s outcome could redefine nonprofit commitments in tech, impacting AI industry structures and investor confidence in mission-driven ventures. The post Elon Musk and Sam
Upbit’s TRAC listing enhances global trading efficiency, potentially boosting liquidity and investor interest in decentralized data solutions. The post Upbit adds OriginTrail TRAC for trading
The deal could stabilize US agricultural markets, reduce trade tensions, and enhance economic ties, but execution risks remain significant. The post China commits to $17B
AMGI Studios recently announced the launch of its native token, HOOLI, for the My Pet Hooligan entertainment franchise, featuring an airdrop on May 18. Token
Blockchain Bodega is here and you know the vibes. We’re at the intersection of hip-hop culture and web3, exploring this new digital frontier. Who better to guide you through these uncharted lanes than Ock Chain – The Bitcoin Boss and the Consensus Corner Boys?
Ock Chain doesn’t just cook up random details about cryptocurrency; he lives it. Ock’s been deep in the game since Bitcoin was just a baby.
And let’s not forget about the Consensus Corner Boys. They’re our skilled crew of blockchain enthusiasts. They’re here to educate, entertain, and enlighten.
Welcome to Blockchain Bodega!
Copyright © 2023 Blockchain Bodega. All rights reserved.