Verus-Ethereum bridge exploit use forged Merkle proof, $11.5M don kolo
For May 18, dem report say Verus-Ethereum bridge comot about $11.5M after attackers use fake Merkle proof.
PeckShieldAlert talk say the attacker knack 103.6 tBTC, 1,625 ETH, and about 147,000 USDC from the bridge contract. Dem swap the funds to about 5,402.4 ETH and put everything for one wallet.
Blockaid talk say Verus-Ethereum bridge verify notarized state roots correct (8/15 notaries), but e still fail to properly bind destination-chain value to the source-chain proof. Security researcher “evilcos” sef say fake Merkle proof fit pass the bridge validation. Verus don release an "urgent and mandatory" emergency patch (v1.2.14-2) two days before, but e no clear if e fit stop this weakness.
For traders, the Verus-Ethereum bridge exploit show say cross-chain bridge verification still big security risk. The wider story dey worse: bridge-related losses don reach about $328.6M (eight major incidents up to mid-May). Even if this no directly affect spot fundamentals, e fit make short-term risk-off sentiment for cross-chain DeFi assets and liquidity.
Bearish
Di Verus–Ethereum bridge exploit dey show say na repeatable pattern be dis for bridge verification: even if dem notarize state roots wey validate, system fit still miss proper binding between source-chain proofs and destination-chain value. Dis one dey renew concern about safety of cross-chain custody and liquidity, wey fit put short-term pressure for cross-chain DeFi sentiment.
Even though dem fit quickly swap di stolen assets and e no necessarily change long-term protocol fundamentals for unrelated tokens, di news flow just add to di already high bridge-loss totals (~$328.6M with eight major incidents up to mid-May). Historically, similar bridge incidents dey make traders reduce exposure to connected bridges, wrapped assets, and liquidity pools until dem confirm audits and mitigations.