On May 17, 2026, a hacker stole around $11.58 million worth of assets from the Verus-Ethereum Bridge in one transaction. This is particularly noteworthy because the project had specifically advertised its protection against the very type of smart contract vulnerability that was exploited.
Blockchain security firm Blockaid detected the exploit as it happened, and the details were quickly shared on X (formerly Twitter) by the on-chain intelligence account @coinxtreme_en.
A recent report indicates that a wallet – 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9 – received around $19.39 million in a single transaction, including 1,625 ETH (approximately $3.43 million), 103.57 tBTC (worth about $7.96 million), and 147,000 USDC. The report, shared on X, states that the majority of these stolen funds were then exchanged for ETH using Uniswap.
The Marketing That Made The Ethereum Attack Worse
The attack was especially damaging because of how Verus designed its bridge. The project specifically advertised that the bridge relied on core protocol rules rather than potentially flawed custom code, aiming to reassure users worried about the smart contract bugs that have caused major problems in the DeFi space.
As a crypto investor, I’ve been following the Verus bridge situation closely. What’s interesting is how it was designed – it heavily relied on strong cryptography, witnesses confirming transactions, and core protocol rules instead of complex, custom code like you see in many other bridges. According to a recent post, this ‘no code to exploit’ approach, which was actually a key part of their marketing, ironically became its biggest weakness when the exploit happened. It’s a tough lesson – sometimes simplicity isn’t always the best defense.
A Suspicious Timeline
The events leading up to the attack suggest it was a carefully planned operation, not a random attempt. Two days before it happened, Verus released a critical, required update (version 1.2.14-2) to fix a security flaw they didn’t fully disclose.
A recent post by @coinxtreme_en shows the attacker’s wallet received funds through Tornado Cash about 11 to 13 hours after the initial announcement. This timing suggests the attacker likely knew about the vulnerability beforehand and used the time window during the emergency update to set up the tools needed for the attack.
This kind of situation isn’t unusual in the world of DeFi. Often, quick fixes for security flaws only partially address the problem, giving skilled individuals a brief opportunity to take advantage before everyone else realizes there’s a risk.
Cross-chain bridges continue to be the weakest link in the world of decentralized finance, accounting for a large portion of all losses since 2021. The recent Verus hack highlights a costly lesson the industry keeps learning: even well-designed systems need rigorous testing, thorough security checks, and the ability to quickly shut down if a threat appears. Another bridge has been compromised, proving that simply *claiming* a system is secure isn’t enough – it needs to *be* secure in reality.
Ethereum’s price is currently trending downwards after a relatively weak weekend. It has fallen approximately 10% in the last week and around 3% in the last day.
Cover image from ChatGPT, ETHUSD chat from Tradingview
Read More
- Re:Zero Season 4, Episode 6 Release Date & Time
- NTE Drift Guide (& Best Car Mods for Drifting)
- How to Get the Wunderbarrage in Totenreich (BO7 Zombies)
- How to Beat Turbines in ARC Raiders
- How to Get Necrolei Cyst & Strong Acid in Subnautica 2
- All Aswang Evidence & Weaknesses in Phasmophobia
- Alan Wake Event in Phasmophobia, Explained
- Diablo 4 Best Loot Filter Codes
- How to Craft Repair Tools in Subnautica 2
- Best Where Winds Meet Character Customization Codes
2026-05-18 12:43