A forged cross-chain transfer message drained $11.58 million from the Verus-Ethereum bridge on May 18, 2026 — not by cracking cryptography, but by exploiting a gap the bridge's proof system was never designed to close.
What happened
Between May 17 and 18, an attacker submitted a cross-chain import payload to the Verus-Ethereum bridge that passed the protocol's full verification flow. The bridge notarized Verus state roots and validated Merkle proofs correctly. What it never checked was whether the source-chain export actually backed the claimed payout with real value.
The result: 103.57 tBTC v2, 1,625 ETH, and 147,659 USDC drained from bridge reserves in three transfers to a drainer wallet at 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9. The attacker subsequently converted all stolen assets into approximately 5,402 ETH — worth roughly $11.4 million at time of conversion — where they remain according to on-chain data cited by Blockaid and PeckShield. The attacker's originating address (0x5aBb91B9c01A5Ed3aE762d32B236595B459D5777) was seeded with 1 ETH via Tornado Cash before the attack commenced.
Blockaid's detection system flagged the exploit in real time as it unfolded. Verus Protocol had not publicly confirmed the breach at the time of initial reporting.
The mechanic: valid proofs, invalid economics
Blockaid's post-incident characterization was precise: "NOT an ECDSA bypass. NOT a notary key compromise. NOT a parser/hash-binding bug. IS a missing source-amount validation in checkCCEValues — ~10 lines of Solidity to fix."
That single line describes the vulnerability class. Cross-chain bridges that rely on cryptographic proof systems implicitly assume that a proof of a valid state root is a proof of economic legitimacy. It is not. A forged import payload can be constructed to satisfy proof verification while asserting transfer amounts that have no corresponding locked value on the source chain. If the bridge executes transfers based on proof acceptance alone — without re-checking that the export actually committed sufficient reserves — the attacker receives funds backed by nothing.
Blockchain security firm ExVul confirmed the same conclusion independently: the attacker submitted a "forged cross-chain import payload" that passed "the bridge's verification flow," producing "three attacker-attached transfers to the drainer wallet." ExVul's remediation guidance: "Cross-chain import proofs must bind every downstream transfer effect to authenticated payload data before execution."
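A simplified model of the gap described above, added here as an illustration: it is not Verus, Blockaid or ExVul code, and the record layout (`totals`, `transfers_hash`), the function names and the sample values are assumptions. It shows an import whose transfer list is correctly bound to a proven export being paid out when only the proof is checked, and rejected once payouts are bound to the value the export commits.

```python
import hashlib
from collections import Counter

def commit(transfers):
    """Hash commitment over a transfer list (constructed encoding, not a real wire format)."""
    blob = ";".join(f"{t['currency']},{t['to']},{t['amount']}" for t in transfers)
    return hashlib.sha256(blob.encode()).hexdigest()

def proof_accepts(export, transfers):
    """Models the step that passed: the transfers match the proven export's commitment."""
    return export["transfers_hash"] == commit(transfers)

def amounts_backed(export, transfers):
    """Source-amount check: per-currency payouts must not exceed the export's totals."""
    paid = Counter()
    for t in transfers:
        if t["amount"] <= 0:
            return False  # zero or negative amounts are never valid payouts
        paid[t["currency"]] += t["amount"]
    return all(paid[c] <= export["totals"].get(c, 0) for c in paid)

def process_import(export, transfers, reserves, enforce_amounts=True):
    """Return reserves after payout, or raise ValueError if the import is rejected."""
    if not proof_accepts(export, transfers):
        raise ValueError("transfer list not bound to proven export")
    if enforce_amounts and not amounts_backed(export, transfers):
        raise ValueError("payout exceeds value committed on source chain")
    remaining = dict(reserves)  # work on a copy so a rejection changes nothing
    for t in transfers:
        remaining[t["currency"]] = remaining.get(t["currency"], 0) - t["amount"]
        if remaining[t["currency"]] < 0:
            raise ValueError("insufficient reserves")
    return remaining

# Constructed sample data (integer amounts in the smallest unit).
# The export commits 1 unit of value, but its transfer list pays out 1000.
TRANSFERS = [{"currency": "ETH", "to": "0xRECIPIENT_PLACEHOLDER", "amount": 1000}]
EXPORT = {"totals": {"ETH": 1}, "transfers_hash": commit(TRANSFERS)}
# A legitimate export: the payout equals the committed total.
BACKED = [{"currency": "ETH", "to": "0xRECIPIENT_PLACEHOLDER", "amount": 1}]
BACKED_EXPORT = {"totals": {"ETH": 1}, "transfers_hash": commit(BACKED)}
```

With `enforce_amounts=False` the model reproduces the failure mode: the proof step accepts and the reserves fall by the unbacked amount.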
The same class as Wormhole and Nomad
Blockaid drew the comparison directly: the Verus incident resembles the $190 million Nomad Bridge exploit and the $325 million Wormhole exploit, both from 2022.
The structural parallel is precise. Wormhole's February 2022 exploit ($325M) allowed an attacker to mint 120,000 wETH on Solana without depositing the corresponding ETH on Ethereum — the guardian network's signature verification was bypassed, but the root cause was that minting authority was not gated on confirmed source-chain custody. Nomad's August 2022 exploit ($190M) stemmed from a routine upgrade that initialized a trusted root to zero, allowing any message to be proved valid — again, cryptographic form without economic substance. In all three cases, the attack surface was not the cryptographic primitive itself but the assumption that proof acceptance implies value commitment.
This is not a coincidence of timing. It is a design pattern: bridges that separate proof verification from reserve validation create an exploitable seam between the two. Closing it requires that every downstream execution effect be bound to authenticated, committed source-chain data — not merely to a proof that the message was well-formed.
Context: 8 bridge exploits, $328.6M in 2026
PeckShield reported that as of mid-May 2026, the crypto space had seen eight major bridge-related exploits totalling a cumulative $328.6 million drained from cross-chain protocols. That tally predates Verus, which adds another $11.58 million to the running count.
The pattern across those eight incidents does not suggest that bridges are becoming less secure in absolute terms. It suggests that the economic validation gap — the specific seam Wormhole, Nomad, and now Verus each exploited — has not been systematically closed. Teams that rely on proof correctness as a proxy for transfer legitimacy without separate reserve verification remain in the same vulnerability class, regardless of which proof scheme they use.
Verus team response
Verus Protocol had not publicly confirmed the exploit or issued a post-mortem at the time of publication. CoinTelegraph reported it had reached out for comment without response. The absence of an official statement is noted; this piece will be updated when one is available.
Primary sources: Blockaid X post (community alert, May 18, 2026), CoinTelegraph reporting citing Blockaid and ExVul direct quotes, PeckShield X post on bridge exploit tally, on-chain wallet data at 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9 via Etherscan as cited by Blockaid and PeckShield.