The attacker behind the Verus-Ethereum bridge exploit has returned 4,052 Ether, worth approximately $8.5 million, to the project's team wallet, according to blockchain security firm PeckShield. The exploit drained the bridge on May 18 through forged cross-chain transfer requests that bypassed validation mechanisms, resulting in $11.58 million in total stolen funds. The attacker retained 1,350 ETH, roughly $2.8 million, as a negotiated bounty reward under a deal proposed by the Verus team with a 24-hour deadline and pledge to halt legal action upon compliance.
How The Exploit and Recovery Unfolded
Blockaid's exploit detection system flagged the ongoing drain at $11.58 million, and on-chain analyst Lookonchain confirmed the attacker had converted all stolen assets into 5,402 ETH. Verus offered the 1,350 ETH bounty with a 24-hour deadline, pledging to halt legal action if the exploiter complied. The attacker honored the terms, transferring the specified amount to address 0xF9AB…C1A74.
PeckShield confirmed on X: "The @veruscoin Bridge exploiter has returned 4,052.4 $ETH (~$8.5M) to the team address: 0xF9AB…C1A74. The returned funds represent 75% of the stolen total, leaving a 25% bounty (1,350 $ETH, ~$2.8M) in the exploiter's wallet."
Bounty Negotiations Gain Traction in DeFi
The recovery illustrates a growing pattern in DeFi security: direct negotiation between protocols and exploiters as an alternative to traditional enforcement. Verus clarified that voluntary fund repatriation does not preclude future judicial or regulatory intervention, a legal distinction that previous bounty deals have also emphasized.
Bridge-related exploits have remained a persistent threat. PeckShield data shows eight major bridge exploits in 2026, totaling $328.6 million in cumulative losses. The Verus incident adds to a growing list of bridge compromises that includes THORChain's $10 million hack this month and April's $290 million rsETH breach.
Bridge Losses Drop Sharply in May
DeFi hacks surged to a cumulative $634 million in April, dominated by the $280 million Drift Protocol exploit and the $293 million Kelp exploit. May losses have fallen sharply to roughly $38 million so far, according to DefiLlama. Cross-chain bridge attacks account for approximately $3.22 billion of the over $16.5 billion in total historical crypto losses tracked by the platform.
Broader Security Concerns Persist
Security researchers continue to argue that cross-chain verification mechanisms remain the weakest link in interoperability infrastructure. The Verus team had previously promoted a Solana developer bounty on social media, contrasting its approach with "bridges that get hacked."
What's Next
Verus has not yet published a formal post-mortem on the exploit. The project's bridge remains suspended while the team audits the underlying verification logic. A timeline for resumption has not been disclosed.
