Skip to content
- Verus bridge exploit drained millions before developers halted network operations completely.
- Blockchain security firms traced stolen assets through Ethereum wallet conversions rapidly.
- Investigators suspect bridge validation flaws enabled massive unauthorized reserve asset withdrawals.
The Verus developers decided to shut down the network after it was attacked and over $11 million was siphoned from its Ethereum bridge. Several blockchain security companies identified the exploit as a result of unusual transactions on the bridge that quickly drained the reserves and switched them to ETH. During the exploit the attacker employed the wallet address “0x5aBb…D5777”, according to blockchain security platform Blockaid. Some of the stolen money went to another wallet where the converted assets were placed, the firm added. In the meantime, blockchain investigator PeckShield said it had come to an estimate of losses of almost $11.58 million.
PeckShield reported that the attacker extracted 103.6 tBTC, 1,625 ETH and 147,000 USDC from the bridge’s reserves. The attacker then changed out the majority of the stolen funds for 5,402 ETH worth about $11.4 million. Furthermore, the security firm pointed out that the attacker’s wallet was loaded with 1 ETH hours prior to the exploit with funds provided by the Tornado Cash.
Furthermore, GoPlus Security detected unusual contact interactions before these interactions could be exploited. The attacker then sent a low-value transaction, which activated a function that moved reserve assets out of the bridge contract, according to the firm. GoPlus said that the attack was probably signature fraud or a bridge system access control vulnerability or withdrawal bypass.
Also Read: Peter Thiel-Backed Augustus Targets US Banking With AI Stablecoin Push
Verus Developers Shut Down Network in Investigation of Attack.
The Verus team has confirmed the incident via their Discord community just after the exploit became public. A number of nodes that were producing blocks voluntarily switched off once they heard of the effects associated with the attack design, developers said. As a result, the Verus network temporarily broke down, and engineers are looking into the details of the breach.
In addition, developers were exploring how attackers were able to circumvent protections on the bridge. The team also began to consider implementing recovery measures and other network responses. The project has not, however, explained if there is a provision to recover the user money at this juncture.
The exploit has also brought the security of cross-chain bridges back into the focus of decentralized finance (DeFi). The high reserve on the bridges and the sophisticated validation systems continue to attract attackers. Not to mention, the latest hacks in the crypto space have demonstrated that the weaknesses and vulnerabilities being attacked are shifting toward those concerning message verification and permission for contracts.
Verus was launched in 2018 as a hybrid PoW/PoS blockchain with a focus on privacy. In October 2023, the project launched its Ethereum bridge, enabling assets to be transferred between the two ecosystems. The Verus exploit now joins the latest series of big attacks on decentralized finance platforms this year. The incident has sparked a renewed focus on the security of bridge architecture and validator safeguarding in the crypto sector as developers keep digging into the incident.
Also Read: CFTC Eases Reporting Rules for Prediction Markets Amid Regulatory Pressure
