---

An exploit hit the Verus-Ethereum Bridge in the early hours of May 18, 2026, draining approximately $11.6 million in crypto assets while security researchers were actively flagging the incident.

Blockchain security firm PeckShield first identified the drain, with Web3 security infrastructure company Blockaid also detecting the attack through its real-time monitoring systems. Blockaid, which has scanned more than 6.3 billion transactions and blocked more than 585 million attacks across the Web3 ecosystem, lends significant weight to its confirmation. The Verus core team had not issued a public statement as of the time this article was prepared.

At 02:54 UTC, when The Block reported the story, the exploit was described as ongoing.

What Was Taken

The attacker or attackers reportedly removed 103.6 tBTC, 1,625 ETH, and 147,000 USDC from the bridge's smart contracts. Whether the drained tBTC was held on the Ethereum side or the native Verus side has not been confirmed.

The tBTC component is notable: tBTC is Threshold Network's trust-minimized tokenized Bitcoin, backed one-to-one by actual BTC held across the Threshold protocol. Threshold held roughly 5,835 BTC in total across its system as of Q1 2026, representing around $566 million in cross-chain value.

Losing more than 100 units of tBTC to a single exploit raises questions about any bridge's credibility with Bitcoin holders, though the full significance will depend on details not yet established. No technical post-mortem has been published. The attack vector remains undisclosed. The root cause has not been established.

About the Bridge and the Project

Verus is an open-source blockchain launched in 2018 with no initial coin offering and no pre-mined supply. It uses a hybrid consensus model splitting block rewards 50% between proof-of-work miners and 50% between proof-of-stake stakers.

Its VerusHash 2.0 algorithm was designed to resist ASIC optimization, allowing miners to participate using CPUs and standard consumer hardware, which has made the network accessible to individual miners who cannot afford specialized rigs.

The Verus-Ethereum Bridge connects Verus to Ethereum using the project's proprietary Verus Internet Protocol (VIP). Cross-chain transfers are verified through a notarization system involving Verus miners and stakers before assets move. The bridge's own documentation previously stated: "Nothing is transferred over the bridge until it is proven and verified by consensus on the Verus side. All assets on the bridge are secured by the worldwide Verus network of miners and stakers."

The same documentation also claimed: "Threats caused by malicious notary witnesses, or stolen keys to drain funds are not viable against the Verus-Ethereum bridge." That assertion now faces direct scrutiny in light of the apparent exploit.

The bridge also runs a native automated market maker known as Bridge.vETH, whose reserves include VRSC, ETH, DAI, and MKR.

A Prior Warning on Record

On February 27, 2026, the VerusCoin team released version 1.2.15 of its software, which it described as "the second ever Verus/Ethereum contract upgrade."

The release notes stated the update contained "fixes which, if not upgraded as soon as possible, might be exploitable by advanced, bad actors to cause network disruption events." The notes also disclosed that the issues had been "found through continued auditing, by AIs and humans, in both the daemon and Ethereum contracts," a detail that underscores the active review the bridge contracts had been receiving. The notes specifically referenced issues related to vwBTC.vETH, the bridge's wrapped Bitcoin implementation.

Whether the May 18 exploit relates to that vulnerability class, or to a separate flaw, is not yet known.

What the February release suggests is that the bridge's smart contracts had potential security issues identified within the past three months.

At the time of writing, VRSC was trading at approximately $0.747, down 1.26% over the prior 24 hours, with a 24-hour trading volume of roughly $1,263 and a total market cap near $62.5 million. These figures were captured at research time and a fresh check is advised before relying on them. The low trading volume limits the token's liquidity, a condition that historically magnifies price movement when significant news circulates.

Who Gets Hurt Beyond the Headlines

Verus's ASIC-resistant mining design had built an established user base in regions where specialized mining rigs are unaffordable, particularly across South Asia and Sub-Saharan Africa.

Miners in India, Pakistan, Bangladesh, Nigeria, Kenya, and South Africa are among those who could participate using standard hardware, with the bridge serving as a route to convert holdings into ETH or stablecoins.

For those users, the $147,000 in USDC stolen is not an abstraction. In countries with volatile local currencies, dollar-pegged stablecoins function as savings instruments and remittance tools. A compromised bridge freezes access to those funds, and unlike users of regulated exchanges, people relying on non-custodial bridges have no deposit insurance, no dispute mechanism, and no regulatory body to contact.

This dynamic reflects a broader structural problem. Cross-chain bridges accounted for roughly 68% of DeFi losses in Q1 2026, according to data compiled by Phemex. More than $2.8 billion has been lost to bridge exploits since 2022. In April 2026 alone, around $625 million was stolen across 30 separate DeFi incidents, including the $292 million Kelp DAO exploit and a $285 million attack on Drift Protocol.

The Verus incident is smaller in scale but follows the same pattern: a bridge promoting trustless security guarantees, now facing questions about whether those guarantees held.

What Comes Next

Users and the broader DeFi community will be looking for a transparent incident report covering the attack vector, affected users, and any recovery plan.

Whether stolen assets can be traced or recovered depends on how the attacker moves funds through the Ethereum ecosystem. Bridge operators and security researchers will also be watching for any connection to the February contract vulnerabilities.

Verse Press will update this story as official statements and on-chain analysis become available.