There was a serious attack on the Ethereum bridge of the Verus protocol, which operates in the world of decentralized finance (DeFi). Blockchain security firms confirmed that digital assets worth $11.58 million were seized by attackers in this incident. The attack was first detected by on-chain analytics platform Blockaid late Sunday evening. Security researchers examined the initials of the wallets used in the attack and the details of the transferred assets.
Details of the attack and methods used
Blockchain security firm PeckShield announced that the attack caused the loss of approximately 103.6 tBTC, 1,625 ETH and 147,000 USDC on the Verus-Ethereum bridge. It was determined that a total of 5,402 ETH worth of funds passed to the attackers along with these assets. The PeckShield team stated that 1 ETH was sent to the attacker’s wallet via Tornado Cash approximately 14 hours before the incident, and this fund was used in the attack.
Tornado Cash is known as a decentralized protocol that allows anonymous transactions. The fact that the attacker’s wallet was recently funded from this platform suggests that preparations were made to ensure confidentiality in the incident. Different blockchain security companies also shared their opinions on the incident.
Technical vulnerabilities and risks in the DeFi ecosystem
Cyber security firm GoPlus claimed that the attack targeted a sophisticated vulnerability in the transaction verification system on the bridge. According to the company’s statement, the attacker first sent a low-amount transfer to the bridge contract and then triggered a function that allows the mass transfer of reserve assets to a wallet.
GoPlus reported that factors such as cross-chain message verification error, signature forgery loopholes, withdrawal and access control deficiencies may have played a role in the incident. It was noted that such vulnerabilities are frequently targeted, especially in decentralized bridges where large amounts of crypto assets move.
Sector security is on the agenda again
The Verus protocol operates as a DeFi infrastructure that enables asset transfer between different blockchain platforms. Many security researchers state that the attack has revived concerns about the security of cross-chain bridges.
The fact that the attacker converted different assets into ETH in a short time shows once again the importance of moving funds quickly in such attacks. Although the incident was not confirmed by the relevant platform, the findings of blockchain analysis companies clearly revealed the extent of the loss and the methods used.
According to the information provided by PeckShield, the attacker transferred a total of approximately 11.4 million dollars worth of crypto money, including 103.6 tBTC, 1.625 ETH and 147 thousand USDC, to his own account in a short time. It was also noted that just before the attack, funds were transferred to the attacker’s wallet via Tornado Cash.
Due to increasing security threats on cross-chain bridges, industry experts point out that new measures must be rapidly developed against similar attacks.
