By HIBIKI, CryptoCity
Verus Bridge Breached: $11.58 Million Heist Highlights Escalating DeFi Security Crisis
In a stark reminder of the persistent security challenges facing the decentralized finance (DeFi) landscape, Verus, a blockchain network known for its privacy and decentralization features, experienced a significant exploit on its Ethereum cross-chain bridge yesterday, May 18th. The attack resulted in a loss exceeding $11.58 million, with the Verus team yet to issue an official statement.
Verus Cross-Chain Bridge Suffers Multi-Million Dollar Exploit
Security firms PeckShield and Blockaid were quick to flag the incident, with on-chain data revealing the attacker siphoned off a substantial amount of digital assets. The haul included 103.6 tBTC, 1,625 Ethereum (ETH), and 147,000 USD Coin (USDC). These stolen assets were subsequently consolidated and converted into 5,402 ETH, indicating a calculated and efficient post-exploit liquidation strategy.
🚨 Community alert:
Blockaid’s exploit detection system has identified an on-going exploit on the @veruscoin Verus-Ethereum Bridge (https://t.co/HEwYZqFEc).
~$11.58M drained so far. More details in 🧵
— Blockaid (@blockaid_) May 18, 2026
Further analysis by security agency GoPlus suggests the attacker likely initiated low-value transactions to the bridge contract before invoking a specific function to mass-transfer reserve assets to their wallet. Initial hypotheses point towards vulnerabilities such as cross-chain message verification forgery, withdrawal logic bypass, or critical access control flaws.
Echoing these concerns, SlowMist founder Cos (Yu Xian) highlighted the possibility that the attacker constructed a forged Merkle proof. This fraudulent proof, seemingly validated by the non-open-source Verus Ethereum bridge, allowed for the successful withdrawal of funds (ETH/tBTC/USDC). While specific details are still under investigation, this theory underscores a sophisticated attack vector.
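Took a look: this @VerusCoin bridge was robbed of about $11.5M, and the funds have currently settled at: https://t.co/K57RnWVO5c
The cause of the theft may be that the attacker constructed a forged Merkle proof that passed verification by the Verus Ethereum bridge (not open source), and so was able to withdraw the funds held in it (ETH/tBTC/USDC). The specific details need further verification.
Image from https://t.co/rlIorNk6Bd https://t.co/hCZSWedUVV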
— Cos(余弦)😶🌫️ (@evilcos) May 18, 2026
Intriguingly, approximately 14 hours prior to the attack, the attacker’s wallet received 1 ETH via the privacy mixer Tornado Cash, likely serving as initial funding for the exploit. As of writing, the Verus official team has yet to make a public statement regarding the incident.
A Troubling Pattern: Verus Attack Follows THORChain Exploit by Days
The Verus cross-chain bridge attack occurred just three days after another prominent cross-chain liquidity protocol, THORChain, fell victim to a similar security breach. As reported by CryptoCity, THORChain confirmed an exploit on May 15th, resulting in losses estimated at $10.8 million.
Following the detection of abnormal transactions, THORChain’s team swiftly halted trading and specific cross-chain functionalities, collaborating with security experts to launch an immediate investigation. Preliminary findings suggested the attackers exploited a vulnerability within the GG20 TSS multi-party signature mechanism, potentially in conjunction with malicious node collaboration. Crucially, individual user wallets were not compromised; the losses were primarily concentrated within the protocol’s own liquidity and internal asset pools.
DeFi Attacks Shift to Infrastructure Layer: Enhanced Stealth, Greater Impact
The year 2026 has proven to be a tumultuous one for DeFi security. Data from DeFiLlama reveals that even before the Verus incident, May 2026 had already seen 12 DeFi protocols attacked, with cumulative losses exceeding $20 million. The addition of Verus brings the total to 13 protocols and pushes the total losses into the tens of millions of dollars.
A disturbing trend emerging from recent exploits is a strategic shift by attackers. Rather than solely targeting smart contract vulnerabilities, hackers are now increasingly focusing on the more fundamental infrastructure layer of blockchain networks. Cross-chain protocols, in particular, present significantly higher risks compared to single-chain DeFi due to their intricate architectures, which involve complex processes like cross-chain information synchronization, validator networks, asset routing, and multi-party signatures.
These infrastructure-level attacks can encompass various vectors, including remote procedure calls (RPCs), validation networks, oracles, and cross-chain messaging systems. Such exploits are inherently more difficult to detect and, once successful, can facilitate the direct manipulation and large-scale transfer of funds with devastating efficiency.
A prime example is the KelpDAO hack that occurred earlier in 2026, resulting in a staggering loss of $292 million in a short period. A subsequent report by cross-chain protocol LayerZero attributed the core issue to KelpDAO’s adoption of a single validator model for its cross-chain configuration.

The attackers exploited this weakness by “poisoning” the RPC, thereby tampering with the on-chain state information of certain nodes. This manipulation led validators to misjudge the authenticity of information, ultimately allowing the attackers to forge cross-chain messages and bypass critical security checks. LayerZero’s co-founder publicly acknowledged a design flaw in the protocol and committed to taking responsibility for the incident.
From Crisis to Catalyst: DeFi Enters a Period of Critical Re-evaluation
While 2026 has undoubtedly been a challenging year for the DeFi sector, the frequent security incidents are also serving as a crucial catalyst for industry introspection and growth. Many cross-chain systems, despite championing decentralization, often rely heavily on a limited number of validator nodes or relay infrastructure in practice. This centralization risk means that the compromise of even a single validator node can provide attackers with an opportunity to forge cross-chain information, effectively enabling them to mint or transfer assets out of thin air.
As the volume of on-chain capital continues to expand, so too does the incentive for sophisticated hackers to dedicate resources to uncovering architectural weaknesses within cross-chain protocols. This escalating arms race concurrently increases both the complexity of infrastructure-level attacks and their potential for widespread destruction.
Looking ahead, the trajectory of DeFi development is expected to pivot from a relentless pursuit of rapid innovation towards a more robust, security-first paradigm. Key focus areas for the next generation of infrastructure will include modular architectures, enhanced privilege isolation, real-time risk monitoring, and multi-layered verification systems. As cross-chain protocols increasingly solidify their role as the backbone of decentralized finance, market demands for their stability and security will undoubtedly become more stringent.
Crucially, the willingness of major protocols to openly acknowledge architectural design flaws signals a maturing culture of accountability within the Web3 industry. Furthermore, the rapid mobilization of $300 million in funds to address bad debt following the KelpDAO incident showcased the remarkable resilience of the Ethereum ecosystem.
(The above content is an excerpt and reproduction authorized by our partner CryptoCity.)