TL;DR:
- Verus recovered 4,052 ETH, equivalent to about $8.5 million, after negotiating with the exploiter the return of 75% of the stolen funds.
- The attacker kept 1,350 ETH valued at $2.8 million as an agreed bounty, in exchange for the team halting investigations and not pressing charges.
- The original exploit, which occurred on May 18, targeted the Verus-Ethereum bridge for a total estimated at $11.58 million in ETH, USDC and tBTC.
The bridge between the Verus network and Ethereum was attacked on May 18 at 23:55 UTC through a forged cross-chain transfer that allowed the attacker to extract 103.6 tBTC, 1,625 ETH and 147,000 USDC. The hacker then swapped those assets for 5,402 ETH, equivalent to approximately $11.4 million, according to onchain data reported by blockchain security firm PeckShield. Security platform Blockaid estimated total losses at $11.58 million.
Days after the incident, the Verus team published a proposal on X addressed directly to the exploiter: return 4,052.4 ETH within the next 24 hours in exchange for the community halting ongoing investigations, refraining from pressing charges and taking no extralegal action. The team also committed to issuing a public acknowledgment stating that the 1,350 ETH retained would be considered the attacker’s legitimate bounty.
#PeckShieldAlert The @veruscoin Bridge exploiter has returned 4,052.4 $ETH (~$8.5M) to the team address: 0xF9AB…C1A74.
The returned funds represent 75% of the stolen total, leaving a 25% bounty (1,350 $ETH, ~$2.8M) in the exploiter's wallet. https://t.co/ZFIqnHBwZk pic.twitter.com/vPsiOigyQ5
— PeckShieldAlert (@PeckShieldAlert) May 22, 2026
Verus Strikes an Unprecedented Deal in the DeFi Sector
The exploiter accepted the terms. It transferred 4,052.4 ETH, valued at around $8.5 million, to the Verus team’s address and moved the remaining 1,350 ETH, about $2.8 million, to a new wallet. The recovered amount represents 75% of the assets originally stolen from the bridge.
This type of direct negotiation between DeFi protocols and attackers has become a recurring practice in the industry, although it does not exempt those involved from potential legal action by third parties or authorities. Verus clarified that, operating as a decentralized community without venture capital backing, it focused its efforts on reinforcing the bridge, conducting additional audits and designing a plan to compensate losses.
Security has become a constant concern for the DeFi ecosystem. According to DefiLlama data, hacks had accumulated around $634 million in April, driven primarily by the Drift Protocol exploit for $280 million and the Kelp exploit for $293 million. Over the past decade, hacks across the crypto industry have surpassed $17 billion across 518 recorded incidents.
