An ongoing exploit on the Verus-Ethereum Bridge has drained $11.58 million in assets, and the vulnerability is still live. Security firm Blockaid flagged the exploit, but the bridge has not yet been fully secured — meaning the attacker can keep pulling funds out.
How the exploit unfolded
The incident was detected when Blockaid alerted the team to unusual activity on the bridge. The exact method of the attack hasn't been disclosed, but the numbers are clear: $11.58 million in various assets have moved out so far. Because the vulnerability remains active, the total could climb.
What Blockaid found
Blockaid, a blockchain security firm, identified the exploit and flagged it publicly. The firm didn't release a detailed post-mortem yet, but the ongoing nature of the attack suggests the bridge's smart contract still has a hole that hasn't been patched.
What users should do now
Anyone who has funds on the Verus-Ethereum Bridge should consider moving them off immediately — if they can. The fact that the exploit is still going means the attacker might be able to drain deposits as they come in. The bridge team hasn't issued a statement on estimated time for a fix.
The immediate question is whether the team can pause the bridge or deploy a patch while the attacker is still active. Until that happens, the drain continues. Blockaid and other security firms are likely monitoring the situation, but for now, it's a race to secure the contract before more funds vanish.
