The Verus Ethereum bridge exploiter has returned 4,052 ETH to the project team after a settlement offer, while keeping 1,350 ETH as a bounty.
Summary
- PeckShield says the Verus bridge exploiter returned 4,052 ETH, equal to 75% of stolen funds.
- The exploiter kept 1,350 ETH as a bounty after Verus proposed settlement terms publicly.
- Earlier reports linked the Verus bridge exploit to missing validation checks in cross-chain transfer logic.
PeckShield said the Verus bridge exploiter returned 4,052.4 ETH, worth about $8.5 million, to a Verus team address. The firm said the returned assets represented 75% of the stolen total.
Etherscan data shows a successful transfer of 4,052 ETH from a wallet labeled Verus Exploiter 2 to the address 0xF9AB…C1A74 on May 21. The transaction was valued at about $8.59 million at the ETH price shown by the explorer.
PeckShield said the remaining 25% stayed with the exploiter as a bounty. A separate Etherscan transaction shows 1,350 ETH, worth about $2.86 million, moved from the exploiter wallet to a new address minutes after the return transfer.
Some X users framed the recovery as a win for negotiated returns. Bee Swarm said “75% recovery is the new standard” and argued that bounty deals can work better than legal threats after funds are gone.
Others said the exploit still points to deeper bridge risks. Zenthis argued that partial recovery does not fix “centralized custody in bridges,” while pointing to atomic swaps as an alternative.
Bounty offer followed public Verus terms
Verus had earlier posted a message to the bridge exploiter, saying its community and developers had discussed terms for the fund return. The post said the terms covered the bounty size, the exploiter’s obligations, and how the assets could be returned.
According to the public Verus message from X, the community had agreed to a 1,350 ETH bounty. The offer was tied to returning the remaining funds and settling the matter under the proposed terms.
The return now makes the Verus case different from many bridge attacks, where stolen funds often move through mixers or remain under attacker control. In this case, most of the drained ETH moved back to a team address after the bounty offer.
Earlier exploit drained $11.5M
The fund return follows the May 18 Verus Ethereum bridge attack. Earlier coverage reported that the bridge lost more than $11.5 million after attackers used what security researchers described as a forged cross-chain transfer message.
PeckShield had reported that the drained assets included 103.6 tBTC, 1,625 ETH, and nearly 147,000 USDC. The attacker later swapped the stolen assets into 5,402 ETH, worth about $11.4 million at the time.
Blockaid linked the exploit to missing source-amount validation inside the bridge logic. The firm said the issue was not an ECDSA bypass, not a notary key compromise, and not a parser or hash-binding bug.
Bridge security remains under pressure
The Verus recovery comes during a busy period for cross-chain security incidents. Recent coverage said MAPO fell 96% after attackers exploited the Butter Network bridge and minted a huge amount of unauthorized tokens.
Echo Protocol also paused cross-chain activity after an attacker minted about $76.7 million in unauthorized eBTC on Monad. On-chain investigators said the exploiter used fake eBTC as collateral before moving funds through Tornado Cash.
These cases show why bridge validation remains a core risk for DeFi. Bridges hold assets across chains, so weak checks can allow attackers to trigger transfers, mint tokens, or move reserves before teams can stop the flow.
