An address linked to the Verus network exploit has returned 4,052.4 ETH — worth about $8.5 million — to a project-controlled wallet on Thursday, following a public bounty offer that included a pledge of no legal action if most of the stolen assets were sent back.
According to blockchain security firm PeckShield, the exploiter has kept 1,350 ETH, valued at roughly $2.8 million, as a bounty payment. Onchain data shows the returned funds represent about 75% of the drained assets, with the remaining portion moved to a newly created wallet.
Terms of the informal settlement
The Verus team had issued a public statement offering the attacker a bounty on the condition that exactly 4,052.4 ETH be returned within 24 hours. The team also said that community-driven investigations and attribution efforts would stop once the funds arrived.
As of early Thursday, the Verus group had not publicly acknowledged receipt of the returned ETH or commented further on the arrangement.
Details of the may 18 bridge breach
The exploit took place on May 18 at 11:55 p.m. UTC and targeted the Verus-Ethereum bridge contract. Unauthorized transactions withdrew ETH, USDC, and tBTC from the Ethereum side of the bridge.
Security firm Blockaid estimated total losses at around $11.58 million. PeckShield data indicated that 103.6 tBTC, 1,625 ETH, and 147,000 USDC were converted into 5,402 ETH, worth nearly $11.4 million at the time.
Following the incident, the Verus development team said it was tightening bridge security, commissioning additional audits, and exploring ways for its decentralized community to manage recovery without outside capital.
Exploit bounties becoming more common
This case fits a growing pattern in decentralized finance, where attackers return a large share of stolen assets in exchange for a “white-hat” style fee and a commitment from projects not to pursue legal or law-enforcement routes.
A comparable incident occurred on May 17, when the attacker behind a roughly $628,000 exploit of the Adshares cross-chain bridge sent back about 86% of the funds under a similar arrangement.
Root cause: validation failure, not a classic bug
The Verus breach did not stem from a standard smart contract coding bug, but from a flaw in the bridge’s validation logic. The weakness allowed the attacker to withdraw assets on Ethereum without providing adequate collateral or backing on the Verus side.
This type of cross-chain messaging and validation failure has been a recurring feature of major exploits, highlighting structural risks in interoperability infrastructure rather than isolated implementation errors.
Systemic pressure on defi bridges
Repeated security lapses at cross-chain bridges are eroding confidence in key DeFi infrastructure. Early 2026 data indicates that bridge-related exploits account for a disproportionately large share of all funds stolen from DeFi protocols.
These security concerns are also affecting capital flows. A recent report from JPMorgan analysts led by Nikolaos Panigirtzoglou noted that, during periods of stress, capital often moves out of DeFi protocols and into more liquid stablecoins on centralized exchanges.
Market impact and broader outlook
Market conditions remain volatile, with speculative narratives driving sharp price swings in smaller-cap tokens. While the broader digital asset market saw most tracked tokens advance on May 21, the Verus incident adds a fresh layer of uncertainty for projects that rely on similar cross-chain designs.
The episode is likely to prompt more rigorous reviews of bridge security models, as protocols weigh the convenience of cross-chain interoperability against the mounting history of high-profile exploits. For active traders, bridge risk is increasingly a key part of assessing protocol resilience and long-term viability.
Curious how platforms secure user funds after incidents like this? Learn how Toobit protects assets in its comprehensive risk-control guide.
Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.
