The Verus Ethereum bridge was exploited for $11.6 million this week, marking the latest in a string of DeFi attacks targeting cross-chain infrastructure. Two security companies have flagged the address holding the stolen funds, which show the attacker converted the haul into 5,402 Ether.
The bridge exploit
Details remain sparse, but the attacker apparently found a vulnerability in the bridge's smart contract. The Verus team has not yet confirmed whether they've identified the root cause or if a fix is in the works. Cross-chain bridges have become a prime target in 2026, with several incidents already this quarter.
Tracking the stolen funds
Two security firms — neither named in the initial reports — identified the wallet where the stolen cryptocurrencies landed. By converting the assets to Ether, the attacker tried to simplify the trail, though blockchain analysis tools are now monitoring the address. Whether the funds can be frozen or recovered depends on how quickly the bridge operators and exchanges respond.
The timing isn't great for the Verus ecosystem, which has been pushing its bridge as a key feature for interoperability. Users who had assets locked in the bridge are waiting for an update on whether any portion of the $11.6 million can be clawed back.
