According to blockchain security firm PeckShield, crypto bridge-related exploits have already caused roughly $328.6 million in losses across eight major incidents in 2026. The figure highlights the growing security crisis surrounding cross-chain infrastructure as crypto ecosystems become more interconnected.
Those affected include THORChain, KelpDAO/LayerZero, Verus, IoTeX, Hyperbridge, ZetaChain, Squid Router, and CrossCurve. Together, the incidents show that bridges remain one of the weakest points in decentralized finance.
Verus Bridge Exploit Raises Security Questions
In the latest crypto news, the Verus-Ethereum Bridge has suffered losses of roughly $11.58 million in a single exploit this morning. On-chain data from PeckShield shows the attacker drained about 1,625 ETH, 103.57 tBTC, and roughly 147,000 USDC. Most of the stolen funds were later swapped into ETH through Uniswap.
The exploit has drawn attention because Verus heavily marketed its bridge as a safer alternative to traditional smart contract bridges. The project emphasized that its system posed no smart contract risk, touting protocol-level validation rather than custom bridge contracts.
However, the exploit challenged the idea that removing traditional smart contracts automatically removes bridge vulnerabilities. The attacker’s wallet currently still holds a large portion of the stolen assets.
THORChain and KelpDAO Lead Major Crypto Losses
On May 15, THORChain suffered an exploit worth approximately $10 million. The stolen assets included approximately 36.75 BTC, worth roughly $3 million, along with additional funds from Ethereum, BNB Chain, and Base.
Meanwhile, the KelpDAO/LayerZero exploit became one of the largest bridge-related incidents of the year. On April 18, the attacker stole roughly $292 million worth of rsETH from the DeFi protocol. After obtaining the assets, they deposited the stolen tokens into major lending platforms, including Aave V3, Compound V3, and Euler.
In total, the attacker borrowed more than $236 million worth of WETH against the stolen collateral. The incident demonstrated how hackers can weaponize DeFi’s composability, allowing them to rapidly multiply systemic risk across other protocols. While Arbitrum recovered the 30,766 ETH the attacker had on Arbitrum, they laundered the rest of the funds, mostly through THORChain.
Smaller Attacks Extended Across the Sector
On April 27, ZetaChain confirmed a roughly $300,000 exploit involving its GatewayEVM cross-chain contract. The project stated that only internal team wallets were affected, and user funds remained safe.
On April 13, Hyperbridge suffered an exploit after a hacker used forged cross-chain messages to gain administrative control over a Polkadot token contract on Ethereum. The attacker minted one billion unauthorized tokens and profited roughly $237,000.
On April 7, a Squid Router user lost around $517,000 in an approval-related exploit involving a multicall contract. Squid clarified that the issue did not come from its core protocol contracts. Instead, the attack exploited dangerous token approval permissions granted by the user.
IoTeX and CrossCurve Add to Mounting Crypto Losses
On February 21, IoTeX’s cross-chain bridge suffered a private key compromise, resulting in losses approaching $9 million. Attackers gained control of the project’s TokenSafe and MinterPool contracts before draining funds and minting millions in unauthorized CIOTX and CCS tokens.
Moreover, CrossCurve, formerly known as EYWA, lost roughly $3 million between January 31 and February 1. Attackers exploited missing validation checks inside the protocol’s ReceiverAxelar contract. They used spoofed cross-chain messages to trigger unauthorized token unlocks from the PortalV2 contract.
These attacks show how difficult it is to secure bridge infrastructure. Cross-chain protocols connect multiple networks, process external messages, manage validators, and maintain large liquidity pools simultaneously. That complexity creates several attack surfaces. These include smart contract flaws, forged messages, validator manipulation, private key compromises, and approval exploits. With more than $328 million already lost in 2026, cross-chain infrastructure remains one of crypto’s biggest unresolved security challenges.
Meanwhile, rapid growth in cross-chain security is especially needed now as interoperability becomes increasingly important to crypto markets. As tokenization, multichain DeFi, and institutional blockchain adoption continue, the resulting liquidity must run on secure rails.
Temitope Olajide
The CoinRemark Team