Verus Bridge Exploiter Returns 4,052 ETH Worth $8.5M, Keeps Bounty
- Stacey George
- May 22, 2026
- News
- 0 Comments
The exploiter behind the Verus Ethereum bridge attack has returned 4,052 ETH, worth approximately $8.5 million, while retaining a portion of the stolen funds as a bounty.
What happened in the Verus bridge exploit and fund return
TLDR: KEY POINTS
- The Verus Ethereum bridge was exploited, with the attacker draining millions in ETH.
- The exploiter returned 4,052 ETH (roughly $8.5 million) to the project.
- A bounty was kept by the exploiter, suggesting a negotiated or white-hat-style resolution.
The Verus protocol’s Ethereum bridge suffered a significant exploit that resulted in the loss of user funds. The attacker subsequently returned 4,052 ETH to the project, a sum valued at approximately $8.5 million at the time of the transfer.
On-chain records confirm the movement of funds associated with the incident. The return transaction can be viewed on Etherscan, providing verifiable proof of the ETH being sent back.
ON-CHAIN DATA
- Transaction: 0x3ce9…89b6
- Amount returned: 4,052 ETH (~$8.5M)
Bridge exploits have become one of the most consequential categories of crypto security incidents, with cross-chain infrastructure repeatedly proving to be a high-value target. The Verus incident adds to a growing list of bridge-related losses across the industry, a pattern that has also prompted broader scrutiny of blockchain infrastructure providers and their security practices.
Why the exploiter kept a bounty
The most notable aspect of this incident is not the return itself, but what was retained. The exploiter kept a portion of the funds as a de facto bounty, a detail confirmed in reporting on the exploit.
This outcome suggests either a formal negotiation between the Verus team and the attacker, or an implicit arrangement where the exploiter acted as a white-hat by returning the bulk of stolen assets. The exact size of the retained bounty has not been confirmed in available reporting.
What the bounty implies for the Verus team’s response
Allowing an exploiter to keep a portion of drained funds has become an increasingly common crisis management strategy in DeFi. Projects often offer bounties publicly, sometimes via on-chain messages, to incentivize the return of the majority of stolen assets rather than pursuing lengthy and uncertain recovery through legal channels.
The Verus community discussed the incident and the team’s response on platforms tracking crypto policy and governance. Whether the Verus team formally offered the bounty or the exploiter unilaterally decided the split remains unclear from available evidence.
What the Verus incident means for bridge security
Why bridge exploits remain high-impact events
Cross-chain bridges hold large pools of locked assets, making them attractive targets. A single vulnerability can expose millions in user funds, as the Verus case demonstrates with the roughly $8.5 million in returned ETH alone.
The incident comes at a time when regulators worldwide are increasing their focus on crypto infrastructure security. Lawmakers in multiple jurisdictions, including South Korea’s ongoing review of crypto taxation, are weighing how to address the risks posed by decentralized financial infrastructure.
The Verus bridge exploit and its resolution through a bounty arrangement underscore a recurring tension in DeFi security: protocols must balance rapid crisis response with the optics of rewarding attackers who return stolen funds.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.
