Verus Ethereum bridge suffers $11.6M DeFi attack through fake transfer message

A DeFi attack on Verus Protocol's Ethereum bridge has resulted in a significant loss for the protocol, with an estimated $11.6 million lost to hackers. The exploit occurred when a hacker used a fake cross-chain transfer message to deceive the protocol into sending funds from its reserves to the attacker's wallet.

According to onchain security platform Blockaid, the incident resembles previous DeFi hacks such as the Nomad Bridge and Wormhole exploits in 2022. The attacker exploited a missing source-amount validation check in Verus Protocol's Solidity code, which allowed them to bypass normal verification processes.