The attacker behind the recent Verus-Ethereum bridge exploit has returned 4,052 Ether (ETH), worth about $8.5 million, to the project’s team wallet after Verus offered a public bounty for the recovery of the stolen funds.
Blockchain security firm PeckShield confirmed the return transaction on Friday, noting the deal structure. "The return represents about 75% of the stolen funds, with the exploiter retaining 1,350 Ether (ETH), worth about $2.8 million as a bounty," the firm said in a post on X.
The recovery follows an $11.5 million drain from the cross-chain bridge first flagged by security platform Blockaid on May 21. On-chain data shows the attacker converted the stolen assets into 5,402 ETH before Verus offered a deal, proposing the attacker keep 1,350 ETH if the remaining 4,052 ETH were returned within 24 hours.
This event highlights a growing, if controversial, trend in decentralized finance (DeFi) where protocols negotiate with attackers to reclaim a majority of stolen assets. While Verus successfully recovered 75% of its funds, the outcome stands in contrast to the year's largest hacks at KelpDAO ($292 million) and Drift Protocol ($285 million), where no significant funds have been recovered.
An ‘Unhackable’ Bridge Is Breached
The exploit was a notable blow to Verus, which had launched its bridge in late 2023 by explicitly marketing its architecture as resistant to the types of attacks that plagued other protocols. The project’s documentation claimed that “threats caused by malicious notary witnesses or stolen keys to drain funds are simply not viable” against its design, which relies on cryptographic proofs validated by miners and stakers. The incident underscores the immense challenge of securing cross-chain infrastructure, regardless of the underlying verification model.
A Record Year for DeFi Exploits
The Verus exploit is one of dozens that have pushed total DeFi losses above $840 million in the first five months of 2026, according to data from DefiLlama. April was the most damaging month on record, with over $600 million stolen, driven by massive, state-sponsored attacks attributed to North Korean hacking groups. Experts note that while detection capabilities are improving, attackers continue to find success with sophisticated social engineering and by targeting structural weaknesses in bridge architecture.
The Bounty as a Recovery Tool
The partial recovery of funds for Verus demonstrates the pragmatic approach some projects are taking to mitigate catastrophic losses. By treating the retained funds as a "white hat" bounty, teams can recover a majority of user assets far more quickly than through law enforcement, which often fails to track funds through crypto mixers. A similar arrangement occurred with the TAC Protocol exploit on the TON-Ethereum bridge in May, where the attacker returned 90% of the funds. However, critics argue these deals legitimize exploits and may encourage more attacks by creating a clear financial incentive.
This article is for informational purposes only and does not constitute investment advice.