Verus Ethereum Bridge Exploited for $11.6M via Fake Transfer Message


Verus Protocol's Ethereum bridge was exploited on Monday through a fake cross-chain transfer message, allowing a hacker to fraudulently transfer out at least $11.58 million in cryptocurrency. Onchain security platform Blockaid identified the ongoing exploit and documented a transaction showing a transfer of 1,625 Ether (ETH), 147,659 USDC, and 103.57 tBTC v2, worth over $11.5 million. The stolen funds have since been converted into Ether, with the attacker's wallet holding a balance of 5,402 Ether, worth approximately $11.4 million according to Etherscan. Blockchain security company PeckShield confirmed the transfer as an exploit. The incident reflects a broader trend of DeFi vulnerabilities: crypto hackers stole more than $168.6 million from 34 decentralized finance protocols in the first quarter of 2026, with April marking two of the year's largest attacks—the $280 million Drift Protocol exploit and the $292 million Kelp exploit.

## Exploit Details

Blockaid's detection system identified the exploit on Monday and shared transaction data on Etherscan. The stolen assets included 1,625 ETH, 147,659 USDC, and 103.57 tBTC v2. PeckShield confirmed the transfer as an exploit, with onchain data showing the funds converted to 5,402 Ether in the attacker's wallet.

## Technical Analysis

Blockaid stated that the Verus Protocol incident resembles the $190 million Nomad Bridge exploit and the $325 million Wormhole exploit from 2022. The attacker exploited the bridge by deceiving the protocol into believing transfer instructions were real, causing the bridge to send funds from its reserves to the attacker's wallet.

Blockaid identified the root cause as a missing source-amount validation in checkCCEValues, requiring approximately 10 lines of Solidity code to fix. The security firm emphasized that this was "NOT an ECDSA bypass. NOT a notary key compromise. NOT a parser/hash-binding bug."

Blockchain security provider ExVul reached a similar conclusion, stating the attacker used a "forged cross-chain import payload" that passed the "bridge's verification flow" and resulted in "three attacker-attached transfers to the drainer wallet."

## Security Recommendations

ExVul recommended that "cross-chain import proofs must bind every downstream transfer effect to authenticated payload data before execution." The security provider advised bridges to "add strict payload-to-execution validation, defense in depth around proof verification and pause outbound flows when anomalous imports are detected."
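The source-amount check Blockaid found missing and the payload-to-execution validation ExVul recommends can be modelled in a few lines. The Python sketch below is an added illustration, not Verus, Blockaid or ExVul code; the `Bridge` class, its fields and all values are hypothetical, and it assumes the proof over the payload has already been verified.

```python
from collections import defaultdict
from dataclasses import dataclass, field


class ImportRejected(Exception):
    """Raised when an import's transfers are not covered by its payload."""


@dataclass(frozen=True)
class Transfer:
    currency: str
    amount: int      # smallest unit of the currency
    recipient: str


@dataclass
class Bridge:        # hypothetical model, not the Verus contract
    reserves: dict
    paused: bool = False
    sent: list = field(default_factory=list)

    def _reject(self, reason):
        # Anomalous import: halt outbound flows until an operator reviews.
        self.paused = True
        raise ImportRejected(reason)

    def process_import(self, authenticated_totals, transfers):
        """authenticated_totals: per-currency source amounts taken from the
        payload whose proof has already been verified."""
        if self.paused:
            raise ImportRejected("outbound flows are paused")
        requested = defaultdict(int)
        for t in transfers:
            if t.amount <= 0:
                self._reject("non-positive transfer amount")
            requested[t.currency] += t.amount
        for currency, total in requested.items():
            # Source-amount check: outputs may not exceed what the proof covers.
            if total > authenticated_totals.get(currency, 0):
                self._reject(f"{currency}: {total} exceeds authenticated amount")
            if total > self.reserves.get(currency, 0):
                self._reject(f"{currency}: {total} exceeds reserves")
        # Funds move only after every transfer has been validated.
        for t in transfers:
            self.reserves[t.currency] -= t.amount
            self.sent.append(t)
        return len(transfers)
```

Because validation finishes before any balance changes, a rejected import leaves reserves untouched and every later import fails until the pause is lifted.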

## Related Incidents

The Verus exploit follows THORChain's confirmation on Saturday that it suffered a $10 million exploit. The incident is part of an escalating pattern of DeFi attacks in 2026.
