Verus Network Suspended After Cross-Chain Bridge Attack, Offers Bug Bounty
Severity: High (Score: 66.2)
Sources: Kucoin, Panewslab, Odaily.News
Published: · Updated:
Keywords: verus, bridge, ethereum, cross-chain, network, verus-ethereum, attacked
Summary
On May 18, 2026, Verus confirmed that its Verus-Ethereum cross-chain bridge was attacked, resulting in the theft of ETH, USDC, and tBTC from the Ethereum contract. The attack led to losses estimated at approximately $11.58 million. In response, the Verus network has been suspended, with most block-producing nodes voluntarily going offline to mitigate further damage. The development team is investigating the attack vector and the scope of the incident. Verus has stated that if the attacker returns all stolen funds, a bug bounty will be offered, and no legal action will be pursued. Users are warned against interacting with anyone claiming to offer compensation or remediation plans, as these are scams. Other bridged assets remain unaffected by the attack. Key Points: • Verus-Ethereum cross-chain bridge attacked, resulting in theft of $11.58 million. • Network operations suspended; most block-producing nodes taken offline. • Verus offers a bug bounty for the return of stolen funds, warns against scams.
Detailed Analysis
**Impact** The Verus-Ethereum cross-chain bridge was attacked on May 17, 2026, resulting in the theft of approximately $11.58 million in ETH, USDC, and tBTC from the Ethereum smart contract. Other bridged assets remain unaffected. The Verus network has been suspended, with most block-producing nodes voluntarily going offline to prevent further damage. This incident impacts users and service providers relying on the Verus bridge for cross-chain asset transfers, primarily within the Ethereum ecosystem. **Technical Details** The attack targeted the Verus-Ethereum cross-chain bridge contract, exploiting an unspecified vulnerability to transfer ETH, USDC, and tBTC assets illicitly. The exact attack vector, TTPs, and any exploited CVEs have not been disclosed. No malware, tools, or infrastructure details were provided. The incident occurred at 23:55 UTC on May 17, 2026, and the network suspension and node shutdowns represent containment measures in the kill chain’s impact and recovery stages. No IOCs were reported. **Recommended Response** Defenders should monitor the Verus network and Ethereum bridge contracts for unusual transactions or unauthorized asset movements. Users must avoid interacting with any accounts or messages claiming to offer compensation or remediation, as these are confirmed scams. The Verus team is investigating and will provide updates; until then, no specific patches or detections are available. Organizations should maintain vigilance for related phishing or impersonation attempts in community channels.
Source articles (4)
- Verus Network Paused Following Ethereum Bridge Attack, Offers Bounty for Fund Return — Kucoin · 2026-05-18
Mars Finance reports that Verus has confirmed on X that the Verus-Ethereum cross-chain bridge was attacked, resulting in the theft of ETH, USDC, and tBTC from the Ethereum smart contract. Other bridge… - Verus Network Paused Following Ethereum Cross-Chain Bridge Attack — Kucoin · 2026-05-18
BlockBeats report: On May 18, the Verus official team announced that the Verus-Ethereum cross-chain bridge was attacked on May 18, during which the attacker stole assets such as ETH, USDC, and tBTC fr… - Verus: Network Currently Suspended; Willing to Offer Bug Bounty If Attacker Returns Funds — Odaily.News · 2026-05-18
Odaily reported that Verus confirmed on Platform X that its Verus-Ethereum cross-chain bridge has been attacked, resulting in the theft of ETH, USDC, and tBTC from the contract on the Ethereum chain.… - Verus: The network is currently offline. A bug bounty is offered to providers who receive a full refund. — Panewslab · 2026-05-18
PANews reported on May 18 that Verus disclosed on its official Discord that the Verus-Ethereum cross-chain bridge was attacked at 23:55 UTC on May 17, 2026. The attackers transferred Ethereum, USDC, a…
Timeline
- 2026-05-17 — Attack on Verus-Ethereum bridge confirmed: The Verus team disclosed that the bridge was attacked at 23:55 UTC, leading to significant asset theft.
- 2026-05-18 — Verus network suspended: Following the attack, the Verus network was suspended, and block-producing nodes went offline to prevent further issues.
- 2026-05-18 — Bug bounty offered for fund return: Verus announced a bug bounty for the return of stolen funds, stating no legal action will be taken if funds are returned.
- 2026-05-18 — Warning issued against scams: Verus warned users to avoid interactions with scammers claiming to offer compensation related to the attack.
Related entities
- Verus (Company)
- Verus Network (Company)
- Ethereum (Company)