Verus Bridge Suffers $11.5M Ethereum Linked Exploit

Attacker Converts Stolen Funds to ETH

A suspected exploit targeting the Verus Ethereum Bridge has resulted in losses of approximately $11.5 million, according to on-chain data cited by Lookonchain. Blockchain trackers say the attacker moved quickly after the breach, swapping all stolen funds into $ETH. Converting stolen assets into Ethereum, a more liquid and widely traded asset, is a well-documented tactic used to complicate tracing and recovery efforts.

The Verus-Ethereum Bridge uses the Verus Internet Protocol (VIP) for cross-chain communication, relying on cryptographic proofs with witnesses validating notarizations created by network validators. The bridge is trustless, decentralized, and non-custodial, meaning no single entity has control over the assets being transferred. Despite those design safeguards, the incident shows that even architectures built with security-first principles remain vulnerable.

Bridge Exploits Remain a Persistent Problem in DeFi

The Verus incident fits a broader and troubling pattern in decentralized finance. Bridges hold admin-level control over token contracts on destination chains, meaning a single validation failure can grant an attacker the ability to mint or drain unlimited supply. That structural risk has made cross-chain infrastructure the most consistently exploited category in crypto.

DeFi protocols lost more than $750 million to hacks and exploits in 2026, and the year was not even four months old. Two attacks alone accounted for more than $577 million of that total. Cross-chain bridges, the infrastructure that moves assets between blockchains, keep producing the largest single-day losses in crypto history.

The swift conversion of stolen assets into Ethereum after the Verus exploit mirrors tactics seen in previous incidents. In past bridge hacks, attackers have routinely routed funds through Ethereum to exploit its deep liquidity before attempting to move them through mixers or decentralized exchanges, making recovery progressively harder for the protocol team and investigators.

As of the time of reporting, no official statement had been issued by the Verus team regarding the scope of the breach, any planned remediation, or user compensation. Lookonchain remains the primary on-chain source tracking the movement of the stolen funds.

Sources:
Verus Ethereum Bridge, Official Project Page
CoinDesk: Bridge Exploit Coverage, April 2026
Phemex: Every Major DeFi Hack in 2026 So Far