Particle.news
Get it on Google Play
Download on the App Store
7 ARTICLES
·
last wk.

Verus–Ethereum Bridge Drained in $11.6 Million Exploit

Security firms say a missing check in the bridge’s code let a fake transfer message unlock reserves.

Verus ethereum bridge drained of $11.5m in forged transfer exploit
On-chain data showed funds transferred through a forged bridge payload
Flagged live: attacker flips $11.5m in stolen verus assets to eth following tornado cash setup

Overview

  • The Verus–Ethereum bridge, which security monitors flagged late Sunday, was drained of about $11.5–$11.6 million in an ongoing exploit.
  • PeckShield reported the attacker took 103.6 tBTC, 1,625 ETH, and about 147,000 USDC, then swapped the haul into roughly 5,402 ETH.
  • GoPlus Security said a low‑value call to the bridge contract triggered a function that batch‑transferred the bridge’s reserve assets to the attacker’s wallet.
  • Blockaid and ExVul traced the root cause to a missing source‑amount check in the bridge’s verification function, not a signature bypass or stolen keys.
  • Investigators say the attacker funded the wallet with 1 ETH via Tornado Cash about 14 hours earlier, and the stolen ETH remains in a drainer address as the Verus team has yet to comment.