The exploiter behind the Verus bridge attack returned 4,052 ETH (approximately $8.5 million) after accepting a bounty settlement proposed by the project team. According to blockchain security firm PeckShield, the attacker kept 1,350 ETH, valued at roughly $2.8 million, as part of the negotiated agreement. Verus offered the settlement terms shortly after the exploit occurred, proposing that if the stolen funds were returned within 24 hours, the remaining balance would be treated as a legitimate white hat bounty rather than stolen assets. The exploit targeted the Verus-Ethereum bridge through a forged cross-chain transfer vulnerability, highlighting persistent security risks in decentralized finance infrastructure.
Verus Exploiter Returns Most Stolen ETH
The attacker transferred 4,052 ETH back to the Verus team wallet after the project publicly proposed a settlement. The agreement allowed Verus to recover approximately 75% of the total funds lost during the attack. In exchange for returning the majority of stolen assets, the exploiter retained 1,350 ETH as a bounty arrangement.
The vulnerability exploited the Verus-Ethereum bridge through what has been described as a forged cross-chain transfer mechanism. Cross-chain bridges connect separate blockchain ecosystems while managing large amounts of liquidity, making them frequent targets for attackers in the decentralized finance sector.
Bridge Vulnerability and Attack Vector
The Verus incident involved a forged cross-chain transfer vulnerability specific to the Verus-Ethereum bridge. Cross-chain bridges have become one of the most common attack vectors in decentralized finance because they handle significant liquidity across multiple blockchain networks. Exploits targeting bridges have repeatedly resulted in multimillion-dollar losses over recent years.
Broader DeFi Security Landscape
The Verus exploit occurred amid ongoing security concerns affecting the cryptocurrency industry. According to data from DefiLlama, decentralized finance hacks reached approximately $634 million in stolen funds during April alone. Two of the largest incidents included the $280 million exploit affecting Drift Protocol and the $293 million exploit involving Kelp. Although losses in May dropped to around $38 million so far, security vulnerabilities continue to affect decentralized platforms.
These ongoing attacks represent significant barriers to mainstream adoption of blockchain technology. As more value flows into DeFi protocols and cross-chain infrastructure, projects face increasing pressure to strengthen smart contract security, auditing standards, and bridge protections.
