Versus-Ethereum Bridge Exploited: Analyzing Chain of Events

This week, there was a significant vulnerability in the Verus-Ethereum Bridge, with hackers stealing about $11.58 million in digital assets. As suspicious transactions transferred significant amounts of cryptocurrency from the bridge into wallets controlled by attackers, blockchain security companies promptly sounded the alarm.

Early exploit detection

The attack was discovered by Blockaid's exploit detection system while it was still active, according to the security firm. The company claims that the hacker was able to take several assets out of the bridge and exchange them for Ethereum.

ETH/USDT Chart by TradingView

Later, PeckShield, a blockchain monitoring account, released a breakdown of the pilfered money. 103.6 tBTC, 1625 ETH, and approximately 147,000 USDC were reportedly taken from the bridge by the attacker. Following the theft, the assets were exchanged for roughly 5402.4 ETH, which, at the time of reporting, was worth roughly $11.4 million. The wallet with the address 0x65Cb…25F9 currently contains the pilfered ETH.

Not their first rodeo

Additionally, analysts found that about 14 hours prior to the exploit, the attacker's address had been funded with 1 ETH via Tornado Cash. Transaction trails are frequently obscured by Tornado Cash, making it more difficult to determine the source of funds.

One of the cryptocurrency industry's most vulnerable components is still cross-chain bridges. Although these platforms enable users to transfer assets between different blockchains, security flaws are frequently caused by their intricate smart contract structures. Bridge hacks have cost the market billions of dollars in losses over the last few years.

It's still unknown exactly how the Verus-Ethereum Bridge was compromised. The exploit vector, and whether the vulnerability originated from validator systems, smart contract logic, or another flaw in the protocol, are still being looked into by developers and security researchers.