Is crypto still safe when three platforms lose over $32 million in just four days?
That's the question the DeFi community is asking right now. Between May 15 and May 19, 2026, three separate crypto hack incidents hit in quick succession. Each one targeted a different protocol. Each one used a different attack method. All three drained real money from real users.
Here's the full breakdown of what happened, how much was taken, and what it means for you.
On May 15, 2026, THORChain, a cross-chain trading protocol that lets users swap assets across blockchains without wrapping them, suffered a major exploit. Attackers drained $10.8 million across at least nine chains, including Bitcoin, Ethereum, BNB Chain, and Base.
On-chain investigator ZachXBT first flagged the attack on Telegram. PeckShield confirmed it, identifying 36.75 BTC (roughly $3 million) and around $7 million across ETH, BNB Chain, and Base as stolen. The attacker's wallets, labelled "THORChain Exploiter" by Arkham Intelligence, held 3,443 ETH, 36.85 BTC, and 96.6 BNB.
THORChain froze all trading and signing operations within hours. Its native token RUNE dropped 14% following the news.
The leading theory, per THORChain contributors on Discord, points to a vulnerability in the GG20 signature scheme, a flaw in how the protocol's nodes co-sign transactions. A malicious node operator appears to have exploited this gap.

Key facts from the first crypto hack of the week:
$10.8M drained across nine blockchain networks simultaneously
RUNE fell 14% immediately after the exploit became public
No official post-mortem has been published as of May 19, 2026
Three days later, on May 18, 2026, the Verus-Ethereum Bridge was exploited. This is a cross-chain bridge, a piece of infrastructure that moves value between two separate blockchains. The attacker drained $11.58 million in 103.6 tBTC, 1,625 ETH, and 147,000 USDC before swapping all of it into 5,402 ETH, worth roughly $11.4 million.
Security firm Blockaid detected the attack in real time. The attacker's wallet was seeded with 1 ETH through Tornado Cash approximately 14 hours before the drain. The exploit cost the attacker roughly $10 in VRSC fees to execute.
The attack method was unusual. This was not a smart contract bug. The attacker submitted a forged transfer with zero real value on the Verus side. The bridge verified the proof and paid out real assets from its reserves. Eight of fifteen notaries signed the fraudulent state root.
This second crypto hack exposed a verification gap, the same class of vulnerability that caused the Wormhole and Nomad exploits in 2022.
Today, May 19, 2026, a third crypto hack hit Echo Protocol. The attacker exploited the Curvance lending platform integrated with Echo Protocol and minted 1,000 eBTC worth $76.64 million.
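The gap described above, a payout approved on notary signatures alone, can be shown with a simplified release guard. This is an added example, not code from the Verus bridge or from any firm cited here; the `ReleaseClaim` fields, the quorum threshold, the release caps and the sample claims are all assumptions constructed for illustration, with the payout amounts taken from the article.

```python
from dataclasses import dataclass
from decimal import Decimal

QUORUM = 8  # assumed threshold; the article only says 8 of 15 notaries signed

@dataclass(frozen=True)
class ReleaseClaim:
    """Constructed model of one cross-chain payout request (hypothetical fields)."""
    signatures: int          # notaries that signed the state root
    locked_on_source: dict   # asset -> amount verifiably locked on the source chain
    payout_requested: dict   # asset -> amount to release from bridge reserves

def quorum_only(claim):
    """Weak policy: release whenever enough notaries signed."""
    return claim.signatures >= QUORUM

def unbacked_assets(claim):
    """Assets whose requested payout is not covered by source-side value."""
    bad = []
    for asset, amount in claim.payout_requested.items():
        locked = claim.locked_on_source.get(asset, Decimal(0))
        if amount <= 0 or amount > locked:
            bad.append(asset)
    return sorted(bad)

def guarded_release(claim, caps):
    """Hardened policy: quorum, value conservation, then a per-release cap."""
    if not quorum_only(claim):
        return False, "quorum not met"
    bad = unbacked_assets(claim)
    if bad:
        return False, "payout not backed by source-side value: " + ", ".join(bad)
    # An asset with no configured cap fails closed (cap treated as zero).
    over = sorted(a for a, v in claim.payout_requested.items()
                  if v > caps.get(a, Decimal(0)))
    if over:
        return False, "exceeds release cap, hold for review: " + ", ".join(over)
    return True, "ok"

# Constructed samples. FORGED uses the article's payout amounts with zero source value.
FORGED = ReleaseClaim(8, {}, {"tBTC": Decimal("103.6"), "ETH": Decimal("1625"),
                              "USDC": Decimal("147000")})
HONEST = ReleaseClaim(11, {"ETH": Decimal("2")}, {"ETH": Decimal("2")})
LARGE = ReleaseClaim(12, {"ETH": Decimal("500")}, {"ETH": Decimal("500")})
CAPS = {"tBTC": Decimal("5"), "ETH": Decimal("100"), "USDC": Decimal("250000")}  # hypothetical

if __name__ == "__main__":
    for name, c in (("forged", FORGED), ("honest", HONEST), ("large", LARGE)):
        print(name, "| quorum-only:", quorum_only(c), "| guarded:", guarded_release(c, CAPS))
```

The forged claim passes the quorum-only policy and is rejected by the guarded one, which is the difference between trusting a signed state root and checking that the value it claims exists.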
The hacker deposited 45 eBTC as collateral into Curvance ($3.4 million). They then borrowed 11.29 WBTC ($866K). They used Circle CCTP to receive $360,526 USDC. They then used those assets to execute further transactions and steal approximately 385 ETH, around $821,000 in actual realised losses.
The $76.64 million eBTC mint was a fabricated position used to extract real assets. The hacker minted tokens that did not represent real collateral and used them to drain genuine funds.
This wave of hacks is not random. It's a pattern.
All three attacks targeted infrastructure (bridges, cross-chain routers, and lending protocols) rather than individual wallets. PeckShield tracked eight bridge exploits in the first half of May 2026, totalling $328.6 million across the sector. Bridge-related losses now account for roughly 41% of all tracked DeFi exploit losses, according to AMBCrypto.
Based on public market data and security reports, the practical steps analysts recommend right now:
Verify which protocols hold your assets before leaving funds idle
Check whether the bridge or lending platform you use has a published, recent audit
Avoid bridging large amounts during active exploit waves when monitoring is reduced
Track your on-chain positions at Etherscan.io or Arkham Intelligence
The $32M total from these three hack incidents came in 96 hours. That pace is unusual even by 2026 standards. All data cited in this article is sourced from ZachXBT, PeckShield, Blockaid, and Arkham Intelligence. All figures are based on public market sources and provided on an assumption basis. No guaranteed outcomes are stated.
Three crypto hack incidents in four days stole over $32 million from THORChain, the Verus-Ethereum Bridge, and Echo Protocol. Bridge verification gaps and signature scheme vulnerabilities drove two of the three attacks. The crypto hack trend in May 2026 isn't slowing down, and the targets are getting more sophisticated. Verify your assets on-chain and stay informed.
All data is sourced from ZachXBT, PeckShield, Blockaid, Arkham Intelligence, and public market sources as of May 19, 2026. All figures are provided on an assumption basis. No guaranteed outcomes are stated or implied.
This article is for informational purposes only and does not constitute financial or investment advice. Presales are high-risk and readers should verify all information independently before making any financial decision.