Blockaid and CertiK Alert reported suspicious activity tied to the Verus-Ethereum bridge. According to the alerts, the incident involved roughly $11.6M in drained assets, including ETH, tBTC and USDC.
🚨 Community alert:
Blockaid's exploit detection system has identified an on-going exploit on the @veruscoin Verus-Ethereum Bridge (https://t.co/HEwYZqFEfC).
~$11.58M drained so far.More details in🧵
— Blockaid (@blockaid_) May 18, 2026
The exploit affects users and liquidity tied to the bridge’s Ethereum-side reserves, where the attacker allegedly triggered payouts through fraudulent cross-chain transfer instructions. Blockaid said the issue was not a notary key compromise or ECDSA bypass, but a missing source-amount validation in the bridge logic.
We have seen a suspicious transaction that drained ~$11.4M (1625.36 ETH + 103.56 tBTC + 147.65K USDC) assets from the @VerusCoin Verus-Ethereum bridge contract at 0x71518580f36feceffe0721f06ba4703218cd7f63.
Stay Vigilant!https://t.co/W0TNRkS315 pic.twitter.com/xT5LKbk0mQ
— CertiK Alert (@CertiKAlert) May 18, 2026
The next point to watch is whether Verus confirms a full incident response, contract fix or recovery path. For now, security firms are treating the transaction flow as an active exploit case, with funds reportedly converted into ETH after the drain.
Source: Blockaid and CertiK Alert official X accounts.
Disclaimer: Crypto Economy Flash News are based on verified public and official sources. Their purpose is to provide fast, factual updates about relevant events in the crypto and blockchain ecosystem.
This information does not constitute financial advice or investment recommendation. Readers are encouraged to verify all details through official project channels before making any related decisions.
