Executive summary
On 18 May 2026, the Verus Ethereum Bridge was exploited for approximately $11.58 million in assets: 103.6 tBTC, 1,625 ETH, and 147,000 USDC. The bridge verified Merkle proofs from the Verus chain, but did not validate whether the claimed source-side value was backed by a legitimate deposit. An attacker used a forged cross-chain import payload to satisfy the proof check and trigger a release of funds without any real corresponding deposit.
The stolen assets were swapped and consolidated into approximately 5,402 ETH. The attacker wallet was initially funded through Tornado Cash, obscuring its origin.
What happened
Cross-chain bridges face a fundamental challenge: the destination side must decide whether to trust a claim that something happened on the source side. The most common mechanism is a Merkle proof, a cryptographic commitment that a specific event (typically: a deposit) was included in a source-chain block and is therefore real.
The Verus Bridge appeared to verify that a cross-chain import payload was structurally consistent with the Merkle proof. What it did not verify was whether the claimed value in the import actually corresponded to a genuine source-side deposit. The distinction matters: a forged payload can be constructed to be Merkle-valid, committed to a real block, without the underlying deposit ever having occurred, if the source-side commitment logic can be manipulated.
The attacker exploited this gap, submitting a crafted import payload that satisfied the bridge's proof verification while triggering a payout on the Ethereum side that had no real backing. The three asset pools, tBTC, ETH, and USDC, were drained in the attack.
Why proof verification is not enough
Merkle proof verification confirms that data was committed to a block. It does not confirm what that data means or whether the underlying economic event is real. A bridge that verifies proof structure but does not independently confirm the economic intent of the source-side event is relying on an incomplete set of guarantees.
This is a known class of risk in cross-chain design. "Proof validity" and "economic validity" are different claims, and a bridge that conflates them is building its security on an assumption that the source chain's commitment logic is completely sound and unforgeable. That is a significant trust dependency.
The attacker's use of Tornado Cash for initial wallet funding is also significant for operational security teams: it signals pre-operational obfuscation, meaning the exploit was planned, not opportunistic. By the time the exploit transaction hits the chain, the preparatory footprint has already been obscured.
What defenders can learn
Proof validity and value validity are separate checks. Verifying that a Merkle proof is structurally correct proves that data was committed to a block, nothing more. Bridges must separately validate the economic claim: that a deposit of the exact assets and amounts being released was legitimately made on the source side. These are two different guarantees and require two different controls.
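As an added illustration of the two separate controls described above (this is example code, not the Verus bridge's or Security4Web3's own), the Python sketch below assumes a hypothetical leaf encoding for import payloads and a source-side deposit ledger attested independently of the import payload. A forged payload that has been committed to a block passes `verify_proof` but fails `Bridge.release`, which also demands a matching, unconsumed deposit.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()
def leaf(p: dict) -> bytes:
    # Leaf = hash of the import payload fields (hypothetical encoding)
    return h(f"{p['asset']}|{p['amount']}|{p['to']}|{p['nonce']}".encode())
def root_and_proof(leaves, index):
    # Builds the tree; returns (root, proof) with proof = [(sibling_hash, sibling_is_left), ...]
    level, i, proof = list(leaves), index, []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd-sized levels
        proof.append((level[i ^ 1], (i ^ 1) < i))
        level = [h(level[j] + level[j + 1]) for j in range(0, len(level), 2)]
        i //= 2
    return level[0], proof
def verify_proof(leaf_hash: bytes, proof, root: bytes) -> bool:
    # Proof validity only: the leaf was committed under `root`, nothing about its value
    node = leaf_hash
    for sibling, sibling_is_left in proof:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node == root
def deposit_key(p: dict):
    return (p["asset"], p["amount"], p["to"], p["nonce"])

class Bridge:
    def __init__(self, root: bytes, deposits):
        # `deposits` stands in for an independently attested source-side lock ledger
        self.root, self.deposits, self.released = root, set(deposits), set()
    def release(self, p: dict, proof) -> bool:
        # Hardened control: proof validity AND a matching, not-yet-consumed deposit
        if not verify_proof(leaf(p), proof, self.root):
            return False
        k = deposit_key(p)
        if k not in self.deposits or k in self.released:
            return False
        self.released.add(k)
        return True

def demo():
    # Constructed data: a genuine deposit and a forged import with no deposit behind it, both in one block
    genuine = {"asset": "tBTC", "amount": 2, "to": "0xALICE", "nonce": 1}
    forged = {"asset": "tBTC", "amount": 100, "to": "0xMALLORY", "nonce": 2}
    leaves = [leaf(genuine), leaf(forged)]
    root, forged_proof = root_and_proof(leaves, 1)
    genuine_proof = root_and_proof(leaves, 0)[1]
    bridge = Bridge(root, deposits=[deposit_key(genuine)])
    return (verify_proof(leaf(forged), forged_proof, root), bridge.release(forged, forged_proof),
            bridge.release(genuine, genuine_proof), bridge.release(genuine, genuine_proof))
```

`demo()` returns `(True, False, True, False)`: the forged import is proof-valid but not value-valid, the genuine import is released once, and a replay of it is refused.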
Watch for Tornado Cash funding of fresh wallets. Pre-exploit wallet preparation is a detectable signal in many real-world attacks. Monitoring for newly funded wallets interacting with bridge contracts, particularly those sourced from mixers, is a practical early-warning tripwire. The signal is noisy, but it is real.
Multi-asset bridge pools amplify blast radius. A single exploit affecting three separate asset pools is a direct consequence of a shared vulnerability in the cross-chain import path. Isolating asset pools behind independent validation logic, or adding per-asset circuit breakers, limits the damage if one path is compromised.
Key details
- Date: 18 May 2026
- Loss: ~$11.58M (103.6 tBTC, 1,625 ETH, 147K USDC)
- Consolidated to: ~5,402 ETH
- Chain: Ethereum / Verus cross-chain bridge
- Attacker wallet: 0x5aBb91B9…
- Drainer contract: 0x65Cb8b12…
- Attacker funding source: Tornado Cash
Further reading
Bridge security is one of the most complex challenges in Web3. If you're running a cross-chain protocol or integrating bridge infrastructure, Security4Web3 can help you understand where your proof validation model ends, and where your economic validation needs to begin.