Verus Recovers 4,052 ETH as Bridge Hacker Keeps $2.8M Bounty

TLDR

1. Verus recovers 4,052 ETH after hacker keeps 1,350 ETH bounty reward.

2. Attack exploited bridge logic flaw, draining over $11.5 million in total.

   

3. Bounty negotiation ensures most stolen ETH returns to the project wallet.

4. DeFi hacks remain high, though May losses drop to $38 million so far.

5. Verus case shows direct deals can recover assets before law enforcement acts.

Verus has successfully recovered 4,052 Ether (ETH) after a bridge hacker returned the majority of stolen funds. The attacker retained 1,350 ETH, valued at approximately $2.8 million, as a bounty. The return follows Verus offering the reward to secure most of the assets quickly.

Hacker Returns Funds After Bounty Offer

Verus offered a 1,350 ETH bounty to the exploiter to return 4,052 ETH within 24 hours. The attacker transferred the funds back to the project’s team wallet promptly. Blockchain security firm PeckShield confirmed that 75% of the stolen ETH returned under these terms.

The remaining 25% stayed with the attacker as agreed, representing the bounty reward. The 1,350 ETH moved shortly after the main return to a separate wallet. The transaction reflects Verus negotiating directly with the exploiter for asset recovery.

Verus made this move to prevent further loss and maintain project integrity. The team emphasized that returning the funds differs from law enforcement action. Such negotiations are increasingly common in DeFi bridge exploits to retrieve stolen assets efficiently.

Background of the Verus Bridge Exploit

The Verus-Ethereum bridge suffered the attack on May 18, losing over $11.5 million. Attackers used a forged cross-chain transfer, exploiting a flaw in bridge logic validation. The drained assets included 1,625 ETH, 103.6 tBTC, and nearly 147,000 USDC.

The stolen assets were later consolidated into 5,402 ETH, totaling around $11.4 million at the time. Security analysis indicated the issue stemmed from missing source-amount checks, not key compromise or hashing errors. This vulnerability highlights ongoing risks in cross-chain bridge protocols.

Verus’ response contrasts with many bridge attacks where funds remain inaccessible or move through mixers. Most of the stolen ETH returned to the team wallet, improving recovery outcomes. The case demonstrates active risk management in DeFi security incidents.

Wider Context of DeFi Hacks

DeFi hacks reached a cumulative $634 million in April 2026, including major exploits like Drift Protocol and Kelp. Losses decreased to roughly $38 million in May, according to DefiLlama. These incidents show that bridges remain primary targets for attackers.

Other recent exploits include unauthorized minting of eBTC on Monad and token floods on Butter Network. Investigators reported attackers used fake assets as collateral and moved funds through privacy services. Weak bridge validation continues to be a critical security concern in decentralized finance.

Verus now highlights the importance of proactive measures and bounty programs. Timely negotiations allowed recovery of most funds while rewarding the hacker for cooperation. The incident sets a precedent for bridge teams balancing security and operational responses.

The post Verus Recovers 4,052 ETH as Bridge Hacker Keeps $2.8M Bounty appeared first on CoinCentral.