Skip to main content
Sign in
Verus-Ethereum Bridge1 decision on this page

Audit log

Every state-changing event for Verus-Ethereum Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-22 05:20:27Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 421,354,148
    sig
    5Ae87bpeKoiH…nxtqe53Mexplorer ↗
    hash
    oGPqnEqt95zB…dzFpeWXfsha256 → base58
    verifying row…full verify ↗
    canonical bytes (16962 B) ▸
    {"actor":"system:backfill","investigation_id":"6e148e7d-3998-498d-9b16-c35d8534284f","kind":"publish","page_slug":"verus-ethereum-bridge","published_at":"2026-05-22T05:20:27.373Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Verus-Ethereum Bridge","sections":[{"content":"On May 18, 2026, the Verus-Ethereum Bridge was exploited in an attack that drained approximately $11.58 million in crypto assets. Security firm Blockaid was the first to publicly flag the active breach through its real-time detection systems. The attacker extracted 103.6 tBTC (Threshold Network's tokenized bitcoin), 1,625 ETH, and approximately 147,000 USDC. Following the drain, the attacker consolidated all stolen assets into approximately 5,402 ETH, worth over $11 million at the time. The Verus blockchain subsequently halted block production roughly 12 hours after the attack, as most block-generating nodes took themselves offline in response. As of the time of initial reporting, the Verus team had issued no official public statement regarding the breach.","heading":"May 2026 Exploit Overview","severity":"critical","sources":[{"credibility":1,"name":"Verus-Ethereum bridge loses $11 million as hackers keep targeting cross-chain infrastructure — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2026/05/18/yet-another-crypto-bridge-falls-victim-to-an-usd11-million-hack"},{"credibility":2,"name":"$11.58M Drained in Ongoing Exploit on Verus-Ethereum Bridge — The Defiant","type":"news_article","url":"https://thedefiant.io/news/hacks/verus-ethereum-bridge-exploit-11-5-million-ri18bt"},{"credibility":1,"name":"Ongoing exploit drains $11.6 million from Verus-Ethereum bridge: Blockaid — The Block","type":"news_article","url":"https://www.theblock.co/post/401571/verus-ethereum-bridge-exploit"},{"credibility":2,"name":"Verus Bridge Exploited: $11.58M Drained, Attack Still Live — CCN","type":"news_article","url":"https://www.ccn.com/news/crypto/verus-bridge-exploited-12m-drained-attack-still-live/"}]},{"content":"Security researchers at Blockaid and ExVul traced the exploit to a missing source-amount validation in the bridge's checkCCEValues function. The bridge performed three validation steps correctly — verifying state roots, transaction hashes, and notary signatures — but neither the Verus side nor the Ethereum side was required to confirm that the input amount on Verus matched the payout amount released on Ethereum. The attacker exploited this gap by constructing a forged cross-chain import payload: a low-value transaction worth approximately 0.02 VRSC was submitted with a Cross-Chain Export that committed to a payout hash while leaving source-side totals empty. Verus notaries signed the resulting state root because all structural and cryptographic components were valid. The attacker then called the submitImports() function on Ethereum with the matching serialized transfer payload; the bridge released 1,625 ETH, 103.6 tBTC, and ~147,000 USDC for approximately $10 in transaction fees. Blockaid stated the flaw was not an ECDSA bypass, not a notary key compromise, and not a parsing flaw — only missing business-logic validation. The firm noted the vulnerability could reportedly be fixed with approximately 10 lines of Solidity code. Security firm Halborn independently confirmed the root cause as a structural validation gap rather than a cryptographic bypass.","heading":"Technical Root Cause: Missing Cross-Chain Validation","severity":"critical","sources":[{"credibility":2,"name":"Explained: The Verus-Ethereum Bridge Hack (May 2026) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-verus-ethereum-bridge-hack-may-2026"},{"credibility":2,"name":"Verus Ethereum Bridge Exploited For $11.58M, Researchers Trace Flaw To Cross-Chain Validation Gap — Metaverse Post","type":"news_article","url":"https://mpost.io/verus-ethereum-bridge-exploited-for-11-58m-researchers-trace-flaw-to-cross-chain-validation-gap/"},{"credibility":2,"name":"Verus Ethereum bridge drained of $11.5M in forged transfer exploit — crypto.news","type":"news_article","url":"https://crypto.news/verus-ethereum-bridge-drained-of-11-5m-in-forged-transfer-exploit/"}]},{"content":"On-chain analysis identified the primary attacker externally owned account as 0x5aBb91B9c01A5Ed3aE762d32B236595B459D5777 and the drainer address holding consolidated funds as 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9. According to PeckShield, the attacker wallet was seeded with 1 ETH via Tornado Cash approximately 14 hours before the exploit — a known pattern used to obscure transaction origins by establishing a clean funding address. Following the drain, the attacker swapped all stolen tBTC, ETH, and USDC into approximately 5,402 ETH and held the consolidated funds in the drainer address. All stolen proceeds were subsequently moved through Tornado Cash, the sanctioned Ethereum mixing protocol, in an effort to sever the on-chain trail.","heading":"Attacker Wallet and Fund Movement","severity":"critical","sources":[{"credibility":2,"name":"Flagged Live: Attacker Flips $11.5M in Stolen Verus Assets to ETH Following Tornado Cash Setup — Bitcoin.com News","type":"on_chain","url":"https://news.bitcoin.com/verus-ethereum-bridge-hack-11-million-tornado-cash-2026/"},{"credibility":2,"name":"Verus-Ethereum Bridge Loses $11.5M as Attacker Swaps All Funds to ETH — Coinfomania","type":"news_article","url":"https://coinfomania.com/verus-ethereum-bridge-loses-11-5m-as-attacker-swaps-all-funds-to-eth/"},{"credibility":2,"name":"Verus Ethereum Bridge Exploited For $11.58M, Researchers Trace Flaw To Cross-Chain Validation Gap — Metaverse Post","type":"on_chain","url":"https://mpost.io/verus-ethereum-bridge-exploited-for-11-58m-researchers-trace-flaw-to-cross-chain-validation-gap/"}]},{"content":"The Verus-Ethereum Bridge launched in October 2023 under the tagline 'Bridging Done Right,' with the project positioning its design as fundamentally safer than bridges that had suffered prior exploits. The Verus team stated publicly that 'threats caused by malicious notary witnesses or stolen keys to drain funds are simply not viable' against its protocol, citing its delayed transaction system and consensus-based verification as safeguards. The bridge relied on the Verus Internet Protocol for cross-chain communication, using cryptographic proofs validated by miners and stakers rather than multisig committees or centralized validators. No formal third-party security audit of the bridge is confirmed in available public sources prior to the May 2026 exploit. Halborn's post-mortem emphasized that comprehensive business-logic review during early development — distinct from standard code audits — is essential to preventing this class of validation-gap vulnerability.","heading":"Pre-Exploit Security Posture and Claims","severity":"high","sources":[{"credibility":1,"name":"Verus-Ethereum Bridge official documentation — Verus Docs","type":"official","url":"https://docs.verus.io/eth-bridge/"},{"credibility":2,"name":"Explained: The Verus-Ethereum Bridge Hack (May 2026) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-verus-ethereum-bridge-hack-may-2026"},{"credibility":2,"name":"DeFi Protocol Verus Hit By Major Security Breach On Ethereum Bridge — Crowdfund Insider","type":"news_article","url":"https://www.crowdfundinsider.com/2026/05/280076-defi-protocol-verus-hit-by-major-security-breach-on-ethereum-bridge/"}]},{"content":"The Verus exploit is part of a documented surge in cross-chain bridge attacks in 2026. PeckShield tracked eight major bridge exploits in the first half of May 2026 alone, totaling approximately $328.6 million in losses industry-wide; the Verus incident brought that cumulative figure to approximately $329 million. Bridge-related losses now account for approximately 41% of all tracked DeFi exploit losses in 2026. Notable preceding 2026 bridge incidents include a $293 million exploit against Kelp DAO via LayerZero's cross-chain messaging system in April 2026, a $10 million THORChain exploit, and a $2.5 million Hyperbridge exploit. Security analysts have noted that attackers have returned to bridge infrastructure targeting after a period of focusing on social engineering and supply-chain attacks, and that bridge exploits consistently produce the largest individual losses in any given year. Comparisons to the 2022 Nomad Bridge and Wormhole exploits have been drawn by Blockaid, citing the recurring pattern of cross-chain validation failures.","heading":"Broader Context: 2026 Cross-Chain Bridge Exploit Wave","severity":"high","sources":[{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M — Protos","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":1,"name":"Verus-Ethereum bridge loses $11 million as hackers keep targeting cross-chain infrastructure — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2026/05/18/yet-another-crypto-bridge-falls-victim-to-an-usd11-million-hack"},{"credibility":2,"name":"Crypto Hacks 2026: THORChain, Verus, Echo Hit — Coingabbar","type":"news_article","url":"https://www.coingabbar.com/en/crypto-currency-news/crypto-hack-2026-thorchain-verus-bridge-echo-protocol"}]},{"content":"As of the time of initial reporting, the Verus development team had not issued an official public statement or technical post-mortem regarding the exploit. The Verus blockchain halted block production approximately 12 hours after the attack as most block-generating nodes took themselves offline. Community discussions regarding potential reimbursement and insurance coverage were reported to have begun in some community channels, though no formal recovery or compensation plan had been announced. No law enforcement referral or on-chain bounty has been publicly confirmed.","heading":"Team Response and Recovery Status","severity":"medium","sources":[{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M — Protos","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":2,"name":"Verus Ethereum Bridge Exploit: $11.6M Drained In Latest DeFi Hack — Blockchain Magazine","type":"news_article","url":"https://blockchainmagazine.com/announcement/verus-ethereum-bridge-exploit-11-6m-drained-in-latest-defi-hack-what-happened-and-key-takeaways/"}]}],"sources_used":[{"credibility":1,"name":"Verus-Ethereum bridge loses $11 million as hackers keep targeting cross-chain infrastructure — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2026/05/18/yet-another-crypto-bridge-falls-victim-to-an-usd11-million-hack"},{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M — Protos","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":1,"name":"Ongoing exploit drains $11.6 million from Verus-Ethereum bridge: Blockaid — The Block","type":"news_article","url":"https://www.theblock.co/post/401571/verus-ethereum-bridge-exploit"},{"credibility":2,"name":"$11.58M Drained in Ongoing Exploit on Verus-Ethereum Bridge — The Defiant","type":"news_article","url":"https://thedefiant.io/news/hacks/verus-ethereum-bridge-exploit-11-5-million-ri18bt"},{"credibility":2,"name":"Explained: The Verus-Ethereum Bridge Hack (May 2026) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-verus-ethereum-bridge-hack-may-2026"},{"credibility":2,"name":"Verus Ethereum Bridge Exploited For $11.58M, Researchers Trace Flaw To Cross-Chain Validation Gap — Metaverse Post","type":"news_article","url":"https://mpost.io/verus-ethereum-bridge-exploited-for-11-58m-researchers-trace-flaw-to-cross-chain-validation-gap/"},{"credibility":2,"name":"Verus Ethereum bridge drained of $11.5M in forged transfer exploit — crypto.news","type":"news_article","url":"https://crypto.news/verus-ethereum-bridge-drained-of-11-5m-in-forged-transfer-exploit/"},{"credibility":2,"name":"Flagged Live: Attacker Flips $11.5M in Stolen Verus Assets to ETH Following Tornado Cash Setup — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/verus-ethereum-bridge-hack-11-million-tornado-cash-2026/"},{"credibility":2,"name":"Verus Bridge Exploited: $11.58M Drained, Attack Still Live — CCN","type":"news_article","url":"https://www.ccn.com/news/crypto/verus-bridge-exploited-12m-drained-attack-still-live/"},{"credibility":2,"name":"Verus-Ethereum bridge hack drains $11.58M — AMBCrypto","type":"news_article","url":"https://ambcrypto.com/verus-ethereum-bridge-hack-drains-11-58m-why-defi-trust-is-eroding/"},{"credibility":2,"name":"Verus Ethereum Bridge Exploit: $11.6M Drained In Latest DeFi Hack — Blockchain Magazine","type":"news_article","url":"https://blockchainmagazine.com/announcement/verus-ethereum-bridge-exploit-11-6m-drained-in-latest-defi-hack-what-happened-and-key-takeaways/"},{"credibility":2,"name":"Verus Bridge Exploited: $11.58M Drained — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/markets/crypto/articles/verus-bridge-exploited-11-58m-073241158.html"},{"credibility":2,"name":"DeFi Protocol Verus Hit By Major Security Breach On Ethereum Bridge — Crowdfund Insider","type":"news_article","url":"https://www.crowdfundinsider.com/2026/05/280076-defi-protocol-verus-hit-by-major-security-breach-on-ethereum-bridge/"},{"credibility":2,"name":"Crypto Hacks 2026: THORChain, Verus, Echo Hit — Coingabbar","type":"news_article","url":"https://www.coingabbar.com/en/crypto-currency-news/crypto-hack-2026-thorchain-verus-bridge-echo-protocol"},{"credibility":1,"name":"Verus-Ethereum Bridge official documentation — Verus Docs","type":"official","url":"https://docs.verus.io/eth-bridge/"},{"credibility":2,"name":"Verus Ethereum Bridge Exploited for Over $11 Million — CryptoWisser","type":"news_article","url":"https://www.cryptowisser.com/news/verus-ethereum-bridge-exploited-for-over-11m-usd"}],"summary":"The Verus-Ethereum Bridge is a cross-chain asset transfer protocol connecting the Verus blockchain to Ethereum, launched in October 2023. On May 18, 2026, a critical validation flaw in the bridge's checkCCEValues function was exploited, allowing an attacker to drain approximately $11.58 million in assets — comprising 103.6 tBTC, 1,625 ETH, and 147,000 USDC — at a cost of roughly $10 in transaction fees. All stolen funds were converted to approximately 5,402 ETH and subsequently moved through Tornado Cash.","timeline":[{"date":"2023-10-01","event":"Verus-Ethereum Bridge launched under the tagline 'Bridging Done Right,' enabling asset transfers between Verus and Ethereum using consensus-based cryptographic proofs.","source":"Verus Docs","source_url":"https://docs.verus.io/eth-bridge/"},{"date":"2026-05-18","event":"Attacker wallet seeded with 1 ETH via Tornado Cash approximately 14 hours before the exploit, establishing a clean funding address.","source":"Bitcoin.com News","source_url":"https://news.bitcoin.com/verus-ethereum-bridge-hack-11-million-tornado-cash-2026/"},{"date":"2026-05-18","event":"Exploit executed: attacker submitted a forged cross-chain import payload worth approximately $0.01 in VRSC; bridge released 103.6 tBTC, 1,625 ETH, and 147,000 USDC. Blockaid flagged the active drain in real time.","source":"The Block / Blockaid","source_url":"https://www.theblock.co/post/401571/verus-ethereum-bridge-exploit"},{"date":"2026-05-18","event":"Attacker converted all stolen tBTC, ETH, and USDC into approximately 5,402 ETH (worth over $11.58 million) and held funds in address 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9.","source":"CoinDesk","source_url":"https://www.coindesk.com/markets/2026/05/18/yet-another-crypto-bridge-falls-victim-to-an-usd11-million-hack"},{"date":"2026-05-18","event":"Verus blockchain halted block production approximately 12 hours after the attack as most block-generating nodes took themselves offline.","source":"Protos","source_url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"date":"2026-05-18","event":"Stolen funds moved through Tornado Cash; Verus team issued no public statement at time of initial reporting.","source":"Metaverse Post","source_url":"https://mpost.io/verus-ethereum-bridge-exploited-for-11-58m-researchers-trace-flaw-to-cross-chain-validation-gap/"},{"date":"2026-05-18","event":"Halborn published post-mortem attributing the root cause to missing business-logic validation in checkCCEValues and recommending comprehensive logic review alongside standard code audits.","source":"Halborn","source_url":"https://www.halborn.com/blog/post/explained-the-verus-ethereum-bridge-hack-may-2026"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 9389f922-4abb-482c-9d99-7c0317a1b60a
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.