Cyber attackers strike again, draining $11 million from a major digital currency crossover platform

Blockchain security remains a perennial challenge, and crypto bridges, which enable seamless transfers between blockchains, are frequent targets for malicious actors.

On Monday, the Verus-Ethereum bridge, a cross-chain bridge that lets users move value between the Verus network and Ethereum, including $ETH and ERC-20 assets, was hacked, with the attacker making off with 103.6 tBTC, Threshold Network’s tokenized bitcoin, 1,625 ether ($ETH) and 147,000 USD Coin (USDC).

The exploiter later swapped the assets for 5,402.4 $ETH, worth over $11 million, and now holds the same in the address, 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9, according to PeckShield.

The latest exploit is yet another example of how malicious actors continue to target infrastructure that connects chains or handles cross-chain messaging, rather than smart contracts themselves.

According to crypto exchange Phemex, the two largest losses, involving Drift and Kelp DAO, both stemmed from infrastructure that connects chains or manages cross-protocol messaging, while four of the smaller exploits also targeted bridge-related components.

The Kelp DAO attack in April targeted bridge infrastructure connecting multiple blockchains, specifically via LayerZero’s cross-chain messaging system. It resulted in losses of $293 million and caused collateral damage across the DeFi ecosystem.

“That is no coincidence, and it matches the historical pattern in which bridge exploits consistently produce the largest individual losses in any given year,” the crypto exchange said.