The Verus-Ethereum bridge was hacked on Monday, with the attacker draining 103.6 tBTC (Threshold Network’s tokenized bitcoin), 1,625 ETH, and 147,000 USDC before swapping the proceeds into 5,402.4 ETH — worth just over $11 million — now sitting in wallet 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9, according to PeckShield.
Why it matters
The Verus-Ethereum bridge is a cross-chain rail for moving value between the Verus network and Ethereum, including ETH and ERC-20 assets. The exploit lands in a year Phemex argues is being defined less by smart-contract bugs than by attacks on the infrastructure that connects chains or handles cross-protocol messaging. The exchange notes that the two largest losses of 2026 so far — the Drift and Kelp DAO incidents — both stemmed from cross-chain plumbing rather than contract code, and that four of the smaller exploits also targeted bridge-related components.
Market impact
The dollar figure is modest next to April’s $293 million Kelp DAO breach — which used LayerZero’s cross-chain messaging system and spilled collateral damage across the DeFi ecosystem — but the pattern is what traders and risk teams are tracking. Phemex framed it bluntly: bridge exploits consistently produce the largest individual losses in any given year, and the cadence of incidents is not coincidental. For Ethereum-linked DeFi, the read is that custody, oracle, and bridge layers remain the soft underbelly of multi-chain capital flows, even as core contract audits harden.
Frequently asked questions
-
What happened in the Verus-Ethereum bridge hack?
On Monday, the Verus-Ethereum bridge was exploited for roughly $11 million. The attacker drained 103.6 tBTC, 1,625 ETH, and 147,000 USDC, then swapped the proceeds into 5,402.4 ETH now sitting in wallet 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9, according to PeckShield.
-
How does the Verus-Ethereum bridge work?
It is a cross-chain bridge that lets users move value between the Verus network and Ethereum, supporting ETH and ERC-20 assets — making it a piece of infrastructure that connects two distinct chains rather than a single-chain smart contract.
-
How does this compare to the $293M Kelp DAO hack in April?
The April Kelp DAO exploit was about 27x larger at $293 million and targeted bridge infrastructure connecting multiple blockchains via LayerZero’s cross-chain messaging system, spilling collateral damage across the DeFi ecosystem. The Verus-Ethereum loss is far smaller in dollar terms but fits the same pattern.
-
Why are crypto bridges and cross-chain messaging being targeted?
Phemex argues the largest 2026 losses — the Drift and Kelp DAO incidents — came from infrastructure that connects chains or handles cross-protocol messaging, not from smart contract bugs themselves. Bridge and messaging exploits consistently produce the year’s largest individual losses.
-
What assets were stolen in the Verus-Ethereum exploit?
The attacker took 103.6 tBTC (Threshold Network’s tokenized bitcoin), 1,625 ETH, and 147,000 USDC, then converted the total into 5,402.4 ETH worth just over $11 million, per PeckShield.
CoinDesk