Scams Radar

Icon-facebook Icon-instagram-1 Tiktok Telegram Whatsapp Youtube Youtube

DeFi Alert: Verus-Ethereum Bridge Exploited for $11.6 Million

Warning symbol representing the Verus-Ethereum Bridge exploit and DeFi security breach

The DeFi protocol Verus is currently facing a major security crisis. Blockchain security firms report that an ongoing exploit targeting the Verus-Ethereum bridge has already drained approximately $11.58 million in crypto assets.

Security experts are actively tracking the stolen funds as the attack develops.

Breakdown of the Stolen Crypto Assets

On-chain security platform Blockaid first reported the attack on Sunday night. Security analysts identified the attacker’s primary address as 0x5aBb…D5777 and noted that the stolen funds were moved to a secondary wallet.

According to data from blockchain security firm PeckShield, the hacker successfully drained multiple asset pools from the bridge:

  • tBTC: 103.6 tokens
  • Ethereum (ETH): 1,625 tokens
  • USDC: 147,000 tokens

Following the initial theft, the attacker quickly swapped these mixed assets into a single holding of 5,402 ETH, valued at roughly $11.4 million.

How the Verus Bridge Exploit Happened

Blockchain security firm GoPlus analyzed the transaction history to determine the root cause of the exploit. The attacker’s wallet was initially funded with 1 ETH via the privacy mixer Tornado Cash just hours before the hack.

According to GoPlus, the hacker executed the exploit using a multi-step contract vulnerability:

  1. Low-Value Trigger: The attacker sent a low-value transaction directly to the bridge contract.
  2. Function Call: The hacker called a specific function within the smart contract.
  3. Batch Transfer: This function forced the bridge contract to batch-transfer its reserve assets straight to the drainer wallet.

Security researchers believe the exploit stems from an access control flaw, a withdrawal logic bypass, or a cross-chain signature forgery.

What is Verus?

Launched in 2018, Verus is a privacy-focused blockchain protocol. It operates on a unique hybrid “Proof-of-Power” consensus mechanism that combines Proof-of-Work (PoW) and Proof-of-Stake (PoS).

The protocol launched its Verus-Ethereum bridge in October 2023. The bridge was designed to allow users to seamlessly transfer and convert digital assets between the Verus network and the Ethereum ecosystem.

The Verus team has not yet released an official statement regarding the incident.

Reviews:

Leave Your Review Here:

Scams Radar disclaimer highlighting educational purpose, no financial guarantees, risk warnings, and independent opinions.