coin-img-ETHETH-3.22%coin-img-BTCBTC-2.30%coin-img-HYPEHYPE-6.36%coin-img-BITKBITK-56.72%coin-img-SOULCORESOULCORE-15.51%coin-img-SOLSOL-3.36%coin-img-XRPXRP-2.91%coin-img-USDCUSDC+0.01%coin-img-ETHETH-3.22%coin-img-BTCBTC-2.30%coin-img-HYPEHYPE-6.36%coin-img-BITKBITK-56.72%coin-img-SOULCORESOULCORE-15.51%coin-img-SOLSOL-3.36%coin-img-XRPXRP-2.91%coin-img-USDCUSDC+0.01%coin-img-ETHETH-3.22%coin-img-BTCBTC-2.30%coin-img-HYPEHYPE-6.36%coin-img-BITKBITK-56.72%coin-img-SOULCORESOULCORE-15.51%coin-img-SOLSOL-3.36%coin-img-XRPXRP-2.91%coin-img-USDCUSDC+0.01%coin-img-ETHETH-3.22%coin-img-BTCBTC-2.30%coin-img-HYPEHYPE-6.36%coin-img-BITKBITK-56.72%coin-img-SOULCORESOULCORE-15.51%coin-img-SOLSOL-3.36%coin-img-XRPXRP-2.91%coin-img-USDCUSDC+0.01%

Verus Bridge Attacker Sends Back $8.5M, Keeps About $2.9M as Bounty

The attacker behind the Verus Ethereum bridge exploit has returned most of the stolen funds under a negotiated settlement, while keeping a substantial payout. On May 21, the exploiter transferred 4,052.4 ETH (about $8.5 million at onchain prices) to a Verus team address, according to PeckShield and Etherscan. The amount represents roughly 75% of the total funds taken. The attacker retained 1,350 ETH (approximately $2.8–2.9 million) as an agreed bounty. Etherscan records show the transaction originated from a wallet labeled "Verus Exploiter 2" and went to address 0xF9AB…C1A74. Shortly after returning the larger portion, the exploiter moved the 1,350 ETH bounty to a newly created address. PeckShield highlighted both the repayment and the subsequent split. Verus said in a public post on X that community members and developers negotiated the terms, including the bounty size, the exploiter's obligations, and the return process. The breach took place on May 18 and initially drained more than $11.5 million from the Verus Ethereum bridge. PeckShield said the stolen assets included 103.6 tBTC, 1,625 ETH, and nearly 147,000 USDC. The attacker later consolidated the proceeds into around 5,402 ETH (about $11.4 million at the time of the swaps). Security firm Blockaid attributed the exploit to a missing sourceamount validation check in the bridge logic, allowing a forged crosschain transfer message to be accepted. Blockaid added that the incident was not an ECDSA bypass, not a notarykey compromise, and not tied to a parser or hashbinding bug. Reactions have been mixed. Supporters of negotiated recoveries argued that reclaiming 75% is preferable to losing everything to mixers. Critics said the episode highlights structural bridge risks, including centralized custody and weak validation, and pointed to alternatives such as atomic swaps to reduce similar failure modes. The Verus case stands out from many recent bridge incidents because most of the drained ETH was returned to a team address following a bounty agreement. In other attacks, funds are often routed through mixers or remain under attacker control. The development also comes amid continued crosschain security failures, including the Butter Network exploit that sent MAPO token price lower and the Echo Protocol/Monad incident in which an attacker minted about $76.7 million in unauthorized eBTC and moved funds through Tornado Cash. Bridges remain a key DeFi attack surface because they custody assets across networks. Weak validation can enable unauthorized transfers, reserve manipulation, and rapid fund extraction before teams respond. The Verus repayment underscores both the usefulness of negotiated recoveries and the need for stronger validation and custody models across the ecosystem. Onchain data and security-firm reports remain the primary sources for updates as the situation develops.
ETH
ETH-3.12%
BTC
BTC-2.24%
Disclaimer: The content above is only the author's opinion and does not represent BingX’s stance. It shall not be construed as investment advice from BingX. For details, refer to the Terms and Conditions.