An attacker drained $11.58 million from the Verus-Ethereum Bridge on May 18, 2026, by submitting a forged cross-chain import payload that cryptographically passed every check the bridge ran — while depositing nearly zero real value on the Verus side. Blockchain security firm Blockaid flagged the exploit as it occurred. PeckShield subsequently quantified the theft at 103.6 tBTC, 1,625 ETH, and 147,000 USDC, all of which the attacker swapped into approximately 5,402 ETH and consolidated into a single wallet.

What Actually Failed

The Verus-Ethereum Bridge uses the Verus Internet Protocol, which notarizes Verus state roots and Merkle proofs through a multi-notary consensus layer. Eight of the bridge's fifteen notaries signed the state root the attacker submitted — because the cryptographic proof was structurally valid. The problem was that neither the Verus side nor the Ethereum side ever checked whether the source-chain export totals actually backed the payout amounts.

The attacker constructed a transfer blob committing to a payout — but with empty source-side totals: zero real value locked on Verus. The blob was signed by the notary threshold, and the attacker then called submitImports() on the Ethereum bridge contract with that signed proof. The contract verified the proof, decoded the blob, and paid out from its reserves. Security firm ExVul described the method as a "forged cross-chain import payload" that passed the full verification flow and triggered three separate transfers to a drainer wallet. Blockchain security researcher and SlowMist founder Cos assessed the root cause as a forged Merkle proof that passed bridge verification while allowing illegitimate withdrawals — noting the bridge's smart contract code is not open-source, which complicated rapid analysis.

The exploit cost roughly $10 in VRSC fees on the Verus side to initiate withdrawals worth millions. Developers identified the fix as approximately ten lines of Solidity code in the checkCCEValues function: validation that source-chain export totals actually back the requested payouts before funds are released. The attacker funded the initial exploit wallet with 1 ETH routed through Tornado Cash roughly fourteen hours before the drain, indicating preparation.
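The missing check described above, as an added example: a Python model of an import handler that verifies a proof and then, separately, verifies that per-currency payouts do not exceed the committed export totals. This is not the bridge's code (the contract is closed-source); the Import structure, the function names, the "payouts <= export totals" rule and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


class UnbackedPayout(Exception):
    """Payouts in an import exceed what the source chain exported."""


@dataclass(frozen=True)
class Import:
    proof_ok: bool       # stand-in for notary-threshold signature + Merkle proof checks
    export_totals: dict  # currency -> amount the source-chain export commits to
    transfers: tuple     # (currency, amount, destination) payouts decoded from the blob


def check_backing(imp):
    """Sum payouts per currency and require each sum <= the committed export total."""
    paid = defaultdict(int)
    for currency, amount, _dest in imp.transfers:
        if amount <= 0:
            raise UnbackedPayout(f"{currency}: non-positive payout {amount}")
        paid[currency] += amount
    for currency, amount in paid.items():
        backed = imp.export_totals.get(currency, 0)  # absent total counts as zero
        if amount > backed:
            raise UnbackedPayout(f"{currency}: payout {amount} > export total {backed}")


def process_import(imp, reserves, enforce_backing=True):
    """Return the reserves after payout; validate everything before moving funds."""
    if not imp.proof_ok:
        raise ValueError("proof or notary signatures rejected")
    if enforce_backing:
        check_backing(imp)
    remaining = dict(reserves)
    for currency, amount, _dest in imp.transfers:
        remaining[currency] = remaining.get(currency, 0) - amount
    return remaining


# Constructed sample data (not taken from the incident).
RESERVES = {"ETH": 2000, "USDC": 200000}
UNBACKED = Import(True, {}, (("ETH", 1500, "0xdest"), ("USDC", 100000, "0xdest")))
BACKED = Import(True, {"ETH": 10}, (("ETH", 4, "0xa"), ("ETH", 6, "0xb")))

if __name__ == "__main__":
    print(process_import(BACKED, RESERVES))
    print(process_import(UNBACKED, RESERVES, enforce_backing=False))  # proof-only model
    try:
        process_import(UNBACKED, RESERVES)
    except UnbackedPayout as exc:
        print("rejected:", exc)
```

With enforce_backing=False the handler models a proof-only verifier and pays out against empty totals; with the check enabled the same import is rejected before any balance changes.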

Protocol Response

No public pause announcement from the Verus team was confirmed at time of publication. Developers acknowledged the vulnerability and stated a Solidity patch is in preparation. The full post-mortem and bridge status should be tracked via official Verus channels.

2026 Bridge Losses Reach $329M

This is the eighth major bridge exploit of 2026 according to PeckShield and Protos tracking, bringing the year's cumulative bridge losses to approximately $329 million. The structural failure (valid cryptographic proof, invalid economic backing) is the same class of vulnerability that produced the $320 million Wormhole hack in February 2022 and the $190 million Nomad bridge drain in August 2022. Both of those attacks also exploited the gap between proof correctness and economic validity: passing the signature or proof check is not the same as proving the underlying assets exist.

The distinction matters for protocol design. A bridge that notarizes state roots and verifies Merkle proofs has solved an important problem, but it has not solved the problem of ensuring that what those proofs represent is economically sound. Cross-chain bridges that conflate the two continue to produce the largest individual losses in DeFi each year.