Audit log

Every state-changing event for Verus Protocol Ethereum Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-06-14 17:08:49Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 426,458,828

   sig

   2L8rcvWmFZwJ…UthcuVoNcopyexplorer ↗

   hash

   GgqJtdXdwx9P…L8MX3wCvcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (21701 B) ▸

   {"actor":"system:backfill","investigation_id":"25a63bee-d211-406a-87b5-7f88d5de2606","kind":"publish","page_slug":"verus-protocol-ethereum-bridge","published_at":"2026-06-14T17:08:49.094Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Verus Protocol Ethereum Bridge","sections":[{"content":"Verus Protocol is a decentralized, open-source blockchain project launched in 2018 by Michael J. Toutonghi, a former Microsoft Technical Fellow and Vice President, along with a group of volunteer technology professionals. The project's native coin is VRSC, which employs a hybrid Proof-of-Work/Proof-of-Stake consensus algorithm called Proof of Power. Verus is built on foundations derived from Komodo and Zcash, and incorporates zero-knowledge Sapling technology. The Verus-Ethereum Bridge is a component of the broader Verus Public Blockchains as a Service (PBaaS) architecture, facilitating decentralized transfers of assets — including VRSC, tBTC, ETH, DAI, and USDC — between the Verus blockchain and the Ethereum network. The bridge relies on a notary system in which 8 of 15 designated notaries must sign a state root for a cross-chain transfer to be accepted as valid.","heading":"Background","severity":"low","sources":[{"credibility":2,"name":"Verus - Decentralized Finance (IQ.wiki)","type":"research","url":"https://iq.wiki/wiki/verus"},{"credibility":2,"name":"Verus Internet Protocol — Provable, Decentralized Cross-chain Communication (Medium)","type":"official","url":"https://medium.com/veruscoin/verus-internet-protocol-vip-provable-decentralized-cross-chain-communication-8d9414a429c5"}]},{"content":"On May 18, 2026, an attacker exploited a critical validation flaw in the Verus-Ethereum Bridge and drained approximately $11.58 million in digital assets. The stolen assets comprised 103.6 tBTC (Threshold Network's tokenized Bitcoin), 1,625 ETH, and approximately 147,000 USDC. Blockaid first detected suspicious activity at approximately 00:54 GMT involving the Verus-Ethereum Bridge contract and flagged the exploit as ongoing. PeckShield independently confirmed the theft and tracked the consolidation of all stolen assets into 5,402.4 ETH held in attacker wallet 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9. The attacker's wallet had been funded with 1 ETH via Tornado Cash approximately 14 hours before the exploit was executed, and the attacker spent only approximately $10 in VRSC transaction fees to drain the entire bridge reserve.","heading":"May 2026 Exploit — Overview","severity":"critical","sources":[{"credibility":1,"name":"Verus-Ethereum bridge loses $11 million as hackers keep targeting cross-chain infrastructure (CoinDesk)","type":"news_article","url":"https://www.coindesk.com/markets/2026/05/18/yet-another-crypto-bridge-falls-victim-to-an-usd11-million-hack"},{"credibility":2,"name":"Verus suffers $11.5M hack as bridge-related exploits hit $329M in 2026 (Cryptopolitan)","type":"news_article","url":"https://www.cryptopolitan.com/verus-suffers-11-5m-hack-as-bridge-related-exploits-hit-329m-in-2026/"},{"credibility":1,"name":"Ongoing exploit drains $11.6 million from Verus-Ethereum bridge: Blockaid (The Block)","type":"news_article","url":"https://www.theblock.co/post/401571/verus-ethereum-bridge-exploit"},{"credibility":2,"name":"Flagged Live: Attacker Flips $11.5M in Stolen Verus Assets to ETH Following Tornado Cash Setup (Bitcoin.com News)","type":"news_article","url":"https://news.bitcoin.com/verus-ethereum-bridge-hack-11-million-tornado-cash-2026/"}]},{"content":"Security researchers identified the root cause as a business-logic failure rather than a cryptographic compromise. The bridge's cross-chain transfer process involved two sides: on the Verus side, notaries verified the structure and authenticity of a transfer blob and signed the resulting state root; on the Ethereum side, the bridge's submitImports() function verified the signed proof and hash matching. However, neither side was required to validate that the input amount committed on the Verus side matched the payout amount to be released on the Ethereum side. The attacker constructed a cross-chain export containing only approximately $0.01 (roughly 0.02 VRSC) in source-side input. All structural and cryptographic components of the blob were valid, so the 8-of-15 notaries signed the resulting state root. The Ethereum bridge's submitImports() function then released 103.6 tBTC, 1,625 ETH, and 147,000 USDC from reserves against the fraudulent proof, as the checkCCEValues validation step lacked a check confirming input and output amounts were equal. Blockaid described the vulnerability as belonging to the same class as the 2022 Wormhole ($320 million) and Nomad ($190 million) bridge exploits, both of which also involved gaps between source-chain proof verification and destination-chain value binding. Blockaid estimated the fix required only approximately 10 lines of Solidity code.","heading":"Technical Root Cause — Input/Output Validation Failure","severity":"critical","sources":[{"credibility":2,"name":"Explained: The Verus-Ethereum Bridge Hack (May 2026) (Halborn)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-verus-ethereum-bridge-hack-may-2026"},{"credibility":2,"name":"Verus Ethereum Bridge Exploited For $11.58M, Researchers Trace Flaw To Cross-Chain Validation Gap (Metaverse Post)","type":"news_article","url":"https://mpost.io/verus-ethereum-bridge-exploited-for-11-58m-researchers-trace-flaw-to-cross-chain-validation-gap/"},{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M (Protos)","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":2,"name":"Verus suffers $11.5M hack as bridge-related exploits hit $329M in 2026 (Cryptopolitan)","type":"news_article","url":"https://www.cryptopolitan.com/verus-suffers-11-5m-hack-as-bridge-related-exploits-hit-329m-in-2026/"}]},{"content":"The attacker's Ethereum wallet was funded with 1 ETH via Tornado Cash approximately 14 hours before the exploit was executed on May 18, 2026, a pattern consistent with deliberate pre-planning to obscure the origin of funds used to initiate the attack. After draining the bridge, the attacker consolidated all stolen assets — 103.6 tBTC, 1,625 ETH, and approximately 147,000 USDC — into approximately 5,402.4 ETH in a single wallet (0x65Cb8b128Bf6e690761044CCECA422bb239C25F9). The use of Tornado Cash for wallet seeding and the rapid consolidation of diverse assets into a single ETH-denominated holding is consistent with obfuscation techniques documented in prior bridge exploits.","heading":"Attacker Funding and Asset Laundering","severity":"critical","sources":[{"credibility":2,"name":"Flagged Live: Attacker Flips $11.5M in Stolen Verus Assets to ETH Following Tornado Cash Setup (Bitcoin.com News)","type":"news_article","url":"https://news.bitcoin.com/verus-ethereum-bridge-hack-11-million-tornado-cash-2026/"},{"credibility":2,"name":"Verus-Ethereum Bridge Loses $11.5M as Attacker Swaps All Funds to ETH (CoinFomania)","type":"news_article","url":"https://coinfomania.com/verus-ethereum-bridge-loses-11-5m-as-attacker-swaps-all-funds-to-eth/"},{"credibility":3,"name":"Verus Bridge Hack: $11.58M Stolen, Hacker Swaps to 5,402 ETH (CoinAlertNews)","type":"news_article","url":"https://coinalertnews.com/news/2026/05/18/verus-bridge-hack-eth-swap"}]},{"content":"Approximately 12 hours after the initial exploit, the Verus blockchain halted block production. The Verus core team stated via the project's Discord channel that most block-generating nodes had taken themselves offline in response to byproducts of the attack. Two days before the exploit, on approximately May 16, 2026, Verus had released what it described as an \"urgent and mandatory\" emergency update, version 1.2.14-2, referencing a vulnerability fix. As of reporting, the relationship between the patched vulnerability in that update and the exploited validation gap has not been publicly clarified by the Verus team. No public post-mortem from the Verus development team has been identified in available sources.","heading":"Network Shutdown and Immediate Response","severity":"high","sources":[{"credibility":3,"name":"Verus Network Halts Layer 1 Chain After $11.6M Bridge Exploit (PulseChain Nexus)","type":"news_article","url":"https://www.pulsechain.nexus/verus-network-halts-layer-1-chain-after-11-6m-bridge-exploit/"},{"credibility":2,"name":"Verus Ethereum bridge exploit: $11.6M drained as nodes halt (Cryptonomist)","type":"news_article","url":"https://en.cryptonomist.ch/2026/05/18/verus-ethereum-bridge-exploit/"},{"credibility":2,"name":"Verus suffers $11.5M hack as bridge-related exploits hit $329M in 2026 (Cryptopolitan)","type":"news_article","url":"https://www.cryptopolitan.com/verus-suffers-11-5m-hack-as-bridge-related-exploits-hit-329m-in-2026/"}]},{"content":"Following the exploit, the Verus team entered into direct negotiations with the exploiter. Verus offered the attacker a bounty of 1,350 ETH (approximately $2.8 million) in exchange for returning the remaining 4,052 ETH (approximately $8.5 million) within 24 hours. The Verus team also agreed to halt all investigations if the attacker complied with the terms. On May 22, 2026, the exploiter returned 4,052.4 ETH to a Verus team wallet (0xF9AB...C1A74), representing approximately 75% of the total stolen value. The attacker retained the negotiated 1,350 ETH bounty, representing approximately 25% of stolen funds, or roughly $2.8 million at then-current prices. The negotiated settlement was framed by the Verus team as a structured return process intended to recover the majority of user funds quickly rather than pursue legal escalation.","heading":"Fund Recovery and Bounty Negotiation","severity":"high","sources":[{"credibility":2,"name":"Verus Recovers 4,052 ETH as Bridge Hacker Keeps $2.8M Bounty (CoinCentral)","type":"news_article","url":"https://coincentral.com/verus-recovers-4052-eth-as-bridge-hacker-keeps-2-8m-bounty/"},{"credibility":2,"name":"Verus Hacker Returns $8.5M After Bridge Exploit Deal (CryptoTimes)","type":"news_article","url":"https://www.cryptotimes.io/2026/05/22/verus-hacker-returns-8-5m-after-bridge-exploit-deal/"},{"credibility":1,"name":"Verus Bridge Hacker Returns $8.5M ETH, Keeps $2.8M as Bounty (CoinTelegraph)","type":"news_article","url":"https://cointelegraph.com/news/verus-bridge-hacker-returns-85m-eth-28m-bounty"},{"credibility":2,"name":"Verus Bridge Hacker Returns $8.5 Million in ETH After Protocol Offers 1,350 ETH Bug Bounty (FinanceFeeds)","type":"news_article","url":"https://financefeeds.com/verus-bridge-hacker-returns-8-5-million-in-eth/"},{"credibility":1,"name":"Verus bridge exploiter returns 4,052 ETH, retains $2.8 million bounty: onchain analyst (The Block)","type":"news_article","url":"https://www.theblock.co/post/402319/verus-bridge-exploiter-returns-4052-eth"}]},{"content":"The Verus bridge exploit occurred amid a broader resurgence of cross-chain bridge attacks in 2026. PeckShield reported that eight major bridge-related exploits through mid-May 2026 resulted in cumulative losses of approximately $328.6 million. The Verus incident pushed the year-to-date total past $329 million. Notable co-occurring incidents included a $10 million THORChain exploit and a $76 million Echo Protocol exploit on the same day, May 18, 2026. A single April 2026 incident involving rsETH accounted for approximately $290 million of the 2026 total. Security researchers noted that while cross-chain bridge exploits dominated 2022 — six major incidents totaling $1.9 billion — attackers had subsequently shifted toward social engineering and supply-chain compromises before returning to infrastructure-layer attacks in 2026.","heading":"Broader 2026 Bridge Exploit Context","severity":"medium","sources":[{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M (Protos)","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":2,"name":"Verus suffers $11.5M hack as bridge-related exploits hit $329M in 2026 (Cryptopolitan)","type":"news_article","url":"https://www.cryptopolitan.com/verus-suffers-11-5m-hack-as-bridge-related-exploits-hit-329m-in-2026/"},{"credibility":2,"name":"Verus-Ethereum Bridge Exploited for $11 Million — While Echo Protocol Loses $76 Million on Same Day (CoinsTelegram)","type":"news_article","url":"https://coinstelegram.com/news/verus-ethereum-bridge-exploited-for-11-million-while-echo-protocol-loses-76-million-on-same-day/"},{"credibility":2,"name":"Crypto Bridge Hacks Top $328M in 2026 as Cross-Chain Exploits Accelerate (CryptoTimes)","type":"news_article","url":"https://www.cryptotimes.io/2026/05/18/crypto-bridge-hacks-top-328m-in-2026-as-cross-chain-exploits-accelerate/"}]},{"content":"No evidence of a prior third-party security audit of the Verus-Ethereum Bridge has been identified in available sources. Halborn's post-exploit analysis characterized the incident as a business-logic failure rather than a cryptographic vulnerability, noting that the code executed as designed but that the design itself was flawed. Blockaid described the fix as requiring only approximately 10 lines of code, suggesting the vulnerability was a narrow but critical omission in validation logic rather than a systemic architectural failure. The emergency update released two days before the exploit (version 1.2.14-2) has not been publicly connected to the exploited vulnerability by the Verus team. The absence of documented prior audits and the presence of an industry-recognized class of validation flaw that had been documented in prior major exploits (Wormhole 2022, Nomad 2022) raises questions about the bridge's pre-deployment security review process.","heading":"Audit History and Security Posture","severity":"high","sources":[{"credibility":2,"name":"Explained: The Verus-Ethereum Bridge Hack (May 2026) (Halborn)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-verus-ethereum-bridge-hack-may-2026"},{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M (Protos)","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":2,"name":"Verus Ethereum Bridge Exploited For $11.58M, Researchers Trace Flaw To Cross-Chain Validation Gap (Metaverse Post)","type":"news_article","url":"https://mpost.io/verus-ethereum-bridge-exploited-for-11-58m-researchers-trace-flaw-to-cross-chain-validation-gap/"}]}],"sources_used":[{"credibility":2,"name":"Explained: The Verus-Ethereum Bridge Hack (May 2026) (Halborn)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-verus-ethereum-bridge-hack-may-2026"},{"credibility":1,"name":"Verus-Ethereum bridge loses $11 million as hackers keep targeting cross-chain infrastructure (CoinDesk)","type":"news_article","url":"https://www.coindesk.com/markets/2026/05/18/yet-another-crypto-bridge-falls-victim-to-an-usd11-million-hack"},{"credibility":2,"name":"Verus suffers $11.5M hack as bridge-related exploits hit $329M in 2026 (Cryptopolitan)","type":"news_article","url":"https://www.cryptopolitan.com/verus-suffers-11-5m-hack-as-bridge-related-exploits-hit-329m-in-2026/"},{"credibility":2,"name":"Flagged Live: Attacker Flips $11.5M in Stolen Verus Assets to ETH Following Tornado Cash Setup (Bitcoin.com News)","type":"news_article","url":"https://news.bitcoin.com/verus-ethereum-bridge-hack-11-million-tornado-cash-2026/"},{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M (Protos)","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":2,"name":"Verus Recovers 4,052 ETH as Bridge Hacker Keeps $2.8M Bounty (CoinCentral)","type":"news_article","url":"https://coincentral.com/verus-recovers-4052-eth-as-bridge-hacker-keeps-2-8m-bounty/"},{"credibility":1,"name":"Verus Bridge Hacker Returns $8.5M ETH, Keeps $2.8M as Bounty (CoinTelegraph)","type":"news_article","url":"https://cointelegraph.com/news/verus-bridge-hacker-returns-85m-eth-28m-bounty"},{"credibility":2,"name":"Verus Hacker Returns $8.5M After Bridge Exploit Deal (CryptoTimes)","type":"news_article","url":"https://www.cryptotimes.io/2026/05/22/verus-hacker-returns-8-5m-after-bridge-exploit-deal/"},{"credibility":2,"name":"Verus Bridge Hacker Returns $8.5 Million in ETH After Protocol Offers 1,350 ETH Bug Bounty (FinanceFeeds)","type":"news_article","url":"https://financefeeds.com/verus-bridge-hacker-returns-8-5-million-in-eth/"},{"credibility":1,"name":"Verus bridge exploiter returns 4,052 ETH, retains $2.8 million bounty: onchain analyst (The Block)","type":"news_article","url":"https://www.theblock.co/post/402319/verus-bridge-exploiter-returns-4052-eth"},{"credibility":1,"name":"Ongoing exploit drains $11.6 million from Verus-Ethereum bridge: Blockaid (The Block)","type":"news_article","url":"https://www.theblock.co/post/401571/verus-ethereum-bridge-exploit"},{"credibility":2,"name":"Verus Ethereum Bridge Exploited For $11.58M, Researchers Trace Flaw To Cross-Chain Validation Gap (Metaverse Post)","type":"news_article","url":"https://mpost.io/verus-ethereum-bridge-exploited-for-11-58m-researchers-trace-flaw-to-cross-chain-validation-gap/"},{"credibility":2,"name":"Verus Ethereum bridge exploit: $11.6M drained as nodes halt (Cryptonomist)","type":"news_article","url":"https://en.cryptonomist.ch/2026/05/18/verus-ethereum-bridge-exploit/"},{"credibility":2,"name":"Verus - Decentralized Finance (IQ.wiki)","type":"research","url":"https://iq.wiki/wiki/verus"},{"credibility":2,"name":"Verus Bridge Exploited: $11.58M Drained, Attack Still Live (CCN)","type":"news_article","url":"https://www.ccn.com/news/crypto/verus-bridge-exploited-12m-drained-attack-still-live/"},{"credibility":2,"name":"Crypto Bridge Hacks Top $328M in 2026 as Cross-Chain Exploits Accelerate (CryptoTimes)","type":"news_article","url":"https://www.cryptotimes.io/2026/05/18/crypto-bridge-hacks-top-328m-in-2026-as-cross-chain-exploits-accelerate/"},{"credibility":2,"name":"Verus-Ethereum Bridge Exploited for $11 Million — While Echo Protocol Loses $76 Million on Same Day (CoinsTelegram)","type":"news_article","url":"https://coinstelegram.com/news/verus-ethereum-bridge-exploited-for-11-million-while-echo-protocol-loses-76-million-on-same-day/"}],"summary":"The Verus-Ethereum Bridge is a cross-chain infrastructure component enabling asset transfers between the Verus (VRSC) network and Ethereum. On May 18, 2026, the bridge was exploited for approximately $11.58 million through a business-logic validation flaw that allowed an attacker to withdraw far more value on the Ethereum side than was deposited on the Verus side. Following negotiations, the attacker returned approximately 75% of the stolen funds (4,052 ETH) in exchange for a 1,350 ETH bounty and an agreement to halt investigations.","timeline":[{"date":"2026-05-16","event":"Verus released emergency update version 1.2.14-2, described as an 'urgent and mandatory' vulnerability fix. The relationship between this patch and the subsequent exploit has not been publicly clarified.","source":"Cryptopolitan","source_url":"https://www.cryptopolitan.com/verus-suffers-11-5m-hack-as-bridge-related-exploits-hit-329m-in-2026/"},{"date":"2026-05-17","event":"Attacker's Ethereum wallet funded with 1 ETH via Tornado Cash, approximately 14 hours before the exploit was executed.","source":"Bitcoin.com News","source_url":"https://news.bitcoin.com/verus-ethereum-bridge-hack-11-million-tornado-cash-2026/"},{"date":"2026-05-18","event":"Attacker submitted a forged cross-chain export containing approximately 0.02 VRSC (~$0.01) with an empty source-side total. Notaries signed the state root. The submitImports() function on Ethereum released 103.6 tBTC, 1,625 ETH, and ~147,000 USDC due to a missing input/output amount check in checkCCEValues.","source":"Halborn","source_url":"https://www.halborn.com/blog/post/explained-the-verus-ethereum-bridge-hack-may-2026"},{"date":"2026-05-18","event":"Blockaid detected suspicious activity at approximately 00:54 GMT and flagged the Verus-Ethereum Bridge contract as under active exploit.","source":"CoinDesk","source_url":"https://www.coindesk.com/markets/2026/05/18/yet-another-crypto-bridge-falls-victim-to-an-usd11-million-hack"},{"date":"2026-05-18","event":"PeckShield confirmed the theft. Attacker consolidated all stolen assets into approximately 5,402.4 ETH (~$11.4 million) in wallet 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9.","source":"CoinDesk","source_url":"https://www.coindesk.com/markets/2026/05/18/yet-another-crypto-bridge-falls-victim-to-an-usd11-million-hack"},{"date":"2026-05-18","event":"Approximately 12 hours after the initial exploit, the Verus Layer 1 blockchain halted block production as most block-generating nodes took themselves offline.","source":"Protos","source_url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"date":"2026-05-22","event":"After direct negotiations, the exploiter returned 4,052.4 ETH (~$8.5 million, or approximately 75% of stolen funds) to Verus team wallet 0xF9AB...C1A74. The attacker retained 1,350 ETH (~$2.8 million) as a negotiated bounty. Verus agreed to halt all investigations.","source":"CoinTelegraph","source_url":"https://cointelegraph.com/news/verus-bridge-hacker-returns-85m-eth-28m-bounty"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 23affe24-aff5-4c67-9add-7e52843dd89dcopy