In May 2026, the Verus Protocol suffered a hack targeting its Verus-Ethereum cross-chain bridge. The attacker exploited poor validation on the bridge to steal an estimated $11.58 million.
Inside the Attack
The root cause of this attack was that, while both sides of the cross-chain bridge performed validation, neither was required to validate a crucial field. In a nutshell, the hack happened because no one checked that the input amount on Verus matched the payout amount on Ethereum.
On the Verus side, the focus of the validation was on the structure and authenticity of the transfer blob. The protocol received a state root with a hash associated with a real blob and a valid Merkle proof. However, this blob contained only about $0.01 worth of inputs. Since all of the components of the blob were valid, the Verus notaries accepted and approved it.
On the Ethereum side, the attacker submitted the signed transfer blob to the protocol’s submitImports() function. This function checked the notaries’ signatures, checked that the signed hash matched the blob, and extracted the payout instructions from the blob. This included the instruction to release an estimated $11.58 million to the attacker.
The transfer blob used in this attack had a fundamental mismatch of inputs and outputs: $0.01 worth of VRSC vs. $11.58 million in ETH, tBTC, and USDC. This mismatch should have been identified within the checkCCEValues function on the Ethereum side, but the smart contract was missing this crucial validation step.
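The following Python model is an added illustration, not the Verus or Ethereum bridge code. It reproduces the shape of the import path described above (verify notary signatures, verify the signed hash matches the blob, extract payouts) and adds the missing conservation-of-value step; the blob layout, the notary HMAC keys standing in for real signatures, the common "cents" valuation unit and all function names are assumptions of this model.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict

# Constructed sample data: HMAC keys stand in for the notaries' signing keys.
NOTARY_KEYS = {"notary-1": b"key-1", "notary-2": b"key-2", "notary-3": b"key-3"}
NOTARY_THRESHOLD = 2

@dataclass
class TransferBlob:
    """Locked on the source chain vs. released on the destination, in a common unit."""
    inputs: list    # [(asset, value_in_cents)] locked on the source chain
    payouts: list   # [(recipient, asset, value_in_cents)] released on the destination

def blob_hash(blob: TransferBlob) -> bytes:
    return hashlib.sha256(json.dumps(asdict(blob), sort_keys=True).encode()).digest()

def notary_sign(notary: str, digest: bytes) -> bytes:
    return hmac.new(NOTARY_KEYS[notary], digest, "sha256").digest()

def verify_notaries(digest: bytes, sigs: dict) -> bool:
    """Authenticity check: enough known notaries signed exactly this blob hash."""
    valid = sum(1 for n, s in sigs.items()
                if n in NOTARY_KEYS and hmac.compare_digest(notary_sign(n, digest), s))
    return valid >= NOTARY_THRESHOLD

def check_cce_values(blob: TransferBlob) -> bool:
    """The business-logic check that was missing: value out must not exceed value in."""
    value_in = sum(v for _, v in blob.inputs)
    value_out = sum(v for _, _, v in blob.payouts)
    return value_out <= value_in

def submit_imports(blob: TransferBlob, sigs: dict, balance_check: bool = True) -> list:
    """Model of the destination-side import. balance_check=False reproduces the
    flawed behaviour: an authentic but unbalanced blob is paid out in full."""
    digest = blob_hash(blob)
    if not verify_notaries(digest, sigs):
        raise ValueError("notary signatures invalid")
    if balance_check and not check_cce_values(blob):
        raise ValueError("unbalanced transfer: payouts exceed inputs")
    return blob.payouts

def sign_all(blob: TransferBlob) -> dict:
    return {n: notary_sign(n, blob_hash(blob)) for n in NOTARY_KEYS}

# Constructed blobs: 1 cent of VRSC in; 1 cent out (balanced) or $11.58M out.
BALANCED = TransferBlob([("VRSC", 1)], [("0xrecipient", "ETH", 1)])
UNBALANCED = TransferBlob([("VRSC", 1)], [("0xrecipient", "ETH", 1_158_000_000)])
```

With every signature valid, only the value-balance step separates the two blobs; tampering with the blob after signing is still caught by the existing hash and signature checks.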
Lessons Learned from the Attack
The Verus-Ethereum Bridge hack didn’t exploit cryptographic flaws or implementation errors. The smart contract code on both sides of the cross-chain bridge did exactly what it was supposed to do.
However, the protocol had a significant error in its transaction validation logic. Since neither side of the cross-chain bridge verified that the inputs and outputs matched, an attacker could build an unbalanced transaction that paid out far more than was put in. As long as the other aspects of the transfer blob were valid, it would be accepted and paid out.
This type of incident demonstrates the importance of a comprehensive review of a protocol’s business logic as well as the actual code. Ideally, this should be performed as early in the software development lifecycle as possible to minimize the costs and impact of potential logic errors. Halborn’s advisory services help DeFi protocols identify and mitigate these types of issues. Get in touch to learn more.
