Three high-profile exploits have hit crypto in four days. On May 15, THORChain was exploited with stolen funds exceeding $10M. On May 18, the Verus-Ethereum Bridge lost roughly $11.5M. On May 19, Echo Protocol was exploited — the attacker minted 1,000 $eBTC ($76.64M) directly into existence and had already converted 385 $ETH ($821K) by the time the dust settled.
Why it matters
The three incidents don't just add up to a bad week — they expose a recurring pattern: each exploit was cheap to execute, and each one broke a different layer of the stack. THORChain was a swap-layer hit, Verus was a cross-chain bridge, Echo was a mint-authority failure. When a single week produces that many distinct breakages, the common factor isn't any one protocol's code — it's that live, permissionless systems keep running while their audit debt stays unpaid.
Market impact
Total damage sits north of $98M, and that's only the marked losses — the eBTC mint created supply that didn't exist before, which is a different kind of damage than a simple drain. Bridge exploits have been the single most expensive category of attack in crypto since 2022, and a reappearance of a Verus-style incident suggests that older bridge designs are still being targeted. The next 48 hours should tell us whether the eBTC mint was a contained governance failure at Echo or a reproducible bug that other protocols are quietly checking for right now.
Frequently asked questions
-
Which protocols were hacked between May 15 and May 19?
THORChain was exploited on May 15 with over $10M stolen, the Verus-Ethereum Bridge lost roughly $11.5M on May 18, and Echo Protocol was exploited on May 19, where the attacker minted 1,000 $eBTC ($76.64M) and converted 385 $ETH ($821K).
-
How much was stolen in total across the three exploits?
Combined damage across the three incidents exceeds $98M, though that figure only captures marked losses — the eBTC mint at Echo created new supply that didn't exist before, a different class of damage than a direct drain.
-
What exactly happened in the Echo Protocol exploit?
The attacker minted 1,000 $eBTC directly into existence at a value of $76.64M, then immediately used the minted tokens to swap out 385 $ETH worth roughly $821K. A mint-authority failure is treated as a structural rather than a one-off bug until the post-mortem confirms otherwise.
-
Why are cross-chain bridge exploits so common in crypto?
Bridges hold large pools of locked liquidity and rely on cross-chain message verification, both of which have historically been harder to audit than single-chain smart contracts. Bridges have been the single most expensive attack category in crypto since 2022.
-
Is THORChain safe to use after this latest exploit?
The article does not give a verdict on THORChain's current safety. The May 15 incident was described as a swap-layer hit on one of the more heavily used cross-chain liquidity venues, and a full post-mortem from the THORChain team would be the authoritative source on remediation.
Lookonchain