Skip to main content
Sign in

Verus Protocol Ethereum Bridge

avoid.net/verus-protocol-ethereum-bridge20/100·85% conf.
[AI-DRAFTED · AWAITING VERIFICATION]
anchored·2L8rcv…uVoN

Summary

The Verus-Ethereum Bridge is a cross-chain infrastructure component enabling asset transfers between the Verus (VRSC) network and Ethereum. On May 18, 2026, the bridge was exploited for approximately $11.58 million through a business-logic validation flaw that allowed an attacker to withdraw far more value on the Ethereum side than was deposited on the Verus side. Following negotiations, the attacker returned approximately 75% of the stolen funds (4,052 ETH) in exchange for a 1,350 ETH bounty and an agreement to halt investigations.

Connected Entities

1 entities · 10 linked investigations
Protocols
Verus Protocol Ethereum Bridge
Relationships
    Also appears in
    edgeX Exchange·28Mach-O Man Malware Campaign (Lazarus / Chollima)·0Gamma Strategies·28Alephium Bridge·18Bunni Protocol·28Shunda Park Scam Compound·0Thorchain DEX·14Crossmint·70Access Protocol·47Orca·80
    Have evidence about Verus Protocol Ethereum Bridge?

    Timeline(7 events)

    2026-05-16

    Verus released emergency update version 1.2.14-2, described as an 'urgent and mandatory' vulnerability fix. The relationship between this patch and the subsequent exploit has not been publicly clarified.

    Cryptopolitan

    2026-05-17

    Attacker's Ethereum wallet funded with 1 ETH via Tornado Cash, approximately 14 hours before the exploit was executed.

    Bitcoin.com News

    2026-05-18

    Attacker submitted a forged cross-chain export containing approximately 0.02 VRSC (~$0.01) with an empty source-side total. Notaries signed the state root. The submitImports() function on Ethereum released 103.6 tBTC, 1,625 ETH, and ~147,000 USDC due to a missing input/output amount check in checkCCEValues.

    Halborn

    2026-05-18

    Blockaid detected suspicious activity at approximately 00:54 GMT and flagged the Verus-Ethereum Bridge contract as under active exploit.

    CoinDesk

    2026-05-18

    PeckShield confirmed the theft. Attacker consolidated all stolen assets into approximately 5,402.4 ETH (~$11.4 million) in wallet 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9.

    CoinDesk

    2026-05-18

    Approximately 12 hours after the initial exploit, the Verus Layer 1 blockchain halted block production as most block-generating nodes took themselves offline.

    Protos

    2026-05-22

    After direct negotiations, the exploiter returned 4,052.4 ETH (~$8.5 million, or approximately 75% of stolen funds) to Verus team wallet 0xF9AB...C1A74. The attacker retained 1,350 ETH (~$2.8 million) as a negotiated bounty. Verus agreed to halt all investigations.

    CoinTelegraph
    Provenance & Audit Trail
    Anchored on SolanaVerify on-chain

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 6/14/2026, 5:08:39 PM

    last updated: 6/14/2026, 5:08:49 PM

    avoid.net — verified advice for a post-truth world