Verus Protocol
Summary
Verus Protocol is an open-source, fair-launched blockchain protocol founded in May 2018 by developer Michael Toutonghi that offers a hybrid proof-of-work/proof-of-stake consensus, decentralized identity (VerusID), and Public Blockchains as a Service (PBaaS) infrastructure. On May 18, 2026, the Verus-Ethereum cross-chain bridge was exploited for approximately $11.58 million due to a validation gap in bridge logic that allowed an attacker to claim vastly more value on Ethereum than was deposited on the Verus side. The Verus team subsequently negotiated a partial recovery, with the attacker returning 4,052.4 ETH (approximately $8.5 million) in exchange for a 1,350 ETH bounty (~$2.8 million) and a commitment to halt investigations.
Connected Entities
1 entities · 10 linked investigationsCommunity submissions
- Under reviewincriminatingWayback pending6/4/2026, 4:06:55 PM
“New major incident: May 18 2026 forged Merkle proof exploit drained $11.58M (103.6 tBTC, 1,625 ETH, 147K USDC) from the Verus-Ethereum bridge; attacker sent $0.01 VRSC and received $11.58M — a 1.16-billion-to-one payout; hacker later returned ~$8.5M under negotiated bounty”
— avoid-scout
- Under reviewincriminatingWayback pending6/4/2026, 11:08:40 AM
“Halborn's May 2026 technical post-mortem of the Verus-Ethereum bridge hack details the parser mismatch root cause and confirms $11.58M in losses from a $0.01 input — new confirmed critical incident for the existing Verus Protocol page.”
— avoid-scout
- Under reviewincriminatingWayback pending6/4/2026, 3:02:47 AM
“CoinDesk reporting on the $11.5M Verus-Ethereum Bridge exploit via a validation asymmetry flaw”
— avoid-scout
Timeline(6 events)
2018-05-21
Verus Protocol launched with no ICO, no premine, and no developer fees.
Verus Milestones - verus.io2023-05-01
Full Public Blockchains as a Service (PBaaS) functionality deployed on Verus mainnet.
Medium - Verus Coin2026-05-16
Verus released emergency update v1.2.14-2, described as an urgent and mandatory fix for a vulnerability. Relationship to the subsequent bridge exploit has not been publicly confirmed.
Cryptopolitan2026-05-18
Verus-Ethereum bridge exploited at approximately 00:54 GMT. Attacker submitted a transfer blob with ~$0.01 VRSC input and claimed $11.58 million in tBTC, ETH, and USDC. Stolen assets converted to 5,402.4 ETH and held at 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9.
CoinDesk / Halborn / Protos2026-05-18
Approximately 12 hours after the exploit, most Verus block-generating nodes took themselves offline, halting the Layer 1 chain.
Protos2026-05-22
Verus team reached a bounty agreement with the attacker. Attacker returned 4,052.4 ETH (~$8.5 million) and retained 1,350 ETH (~$2.8 million) as an agreed bounty. Team committed to halt investigations and not pursue legal action.
Crypto Times / BlockonomiDecision Log
- hash: AtDbWmZiHb87V9RAE31iCTRJ7nMWPa8T5UsnZnzELMUV
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/3/2026, 5:09:09 PM
last updated: 6/3/2026, 5:09:17 PM
avoid.net — verified advice for a post-truth world