A hacker has returned Ethereum worth about $8.5 million after exploiting the Verus cross-chain bridge, renewing attention on so-called white-hat bounty deals in decentralized finance. The attacker sent back 4,052.4 ETH to the Verus team following negotiations, while keeping 1,350 ETH worth roughly $2.8 million under a previously agreed bounty arrangement.
Blockchain security firm PeckShield confirmed the transfer on X and said the returned funds accounted for about 75% of what was stolen.
On May 18, funds worth around $11.58 million were drained from the Verus-Ethereum bridge. The breach affected ETH, tBTC, and USDC, and exposed a weakness in the bridge’s verification process. Security researchers said the attacker did not break private keys. Instead, they exploited flaws in how the system checked and approved transactions, which allowed unauthorized withdrawals to pass.
Investigators compared the technique to past bridge exploits, including Wormhole and Nomad. As a result, concerns have increased around the security of cross-chain systems, which continue to face repeated structural failures across decentralized finance networks.
Verus negotiates with exploiter
The Verus team moved quickly into negotiations after the exploit became public. It offered the attacker a 1,350 ETH bounty if they returned the remaining funds within 24 hours. The proposal also included a promise to drop investigations if the attacker fully complied with the terms.
In a public statement on X, Verus wrote: “We have agreed that the bounty amount will be 1350 ETH.” The team also said it would halt all investigations if the attacker followed the agreement. The statement thus framed the deal as a structured return process rather than a legal escalation.
The attacker later returned the funds to the specified address. This outcome triggered renewed debate across the crypto community on white-hat bounty arrangements. Some developers support such negotiated recoveries as practical risk control. However, critics argue these deals may encourage more exploit attempts in future breaches.
Verification weakness triggered the attack
Security firm Blockaid traced the Verus exploit to a structural flaw in the bridge’s verification system. Investigators said the protocol failed to properly confirm whether reserve funds existed on the originating chain before approving transactions.
The attacker took advantage of this gap by creating a small 0.02 VRSC transaction with altered export data. The system accepted the request because it technically followed existing rules, even though the underlying balance checks were incomplete. As a result, the attacker managed to trigger large withdrawals while paying only about $10 in transaction fees.
Blockaid said the exploit bypassed a key safety check known as “checkCCEValues.” Researchers also noted that developers could fix the issue with a relatively small update, estimated at around 10 lines of Solidity code.
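A simplified model of the gap described above, added here as an illustration and not taken from Verus or Blockaid: a format-only check accepts an export whose payout data was altered, while a value-conservation check rejects it. All class, field and function names and the payout amounts are assumptions, and the code does not reproduce checkCCEValues.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Transfer:
    currency: str
    amount: Decimal
    recipient: str


@dataclass
class Export:
    # Per-currency value the source chain locked for this export. Assumed to be
    # taken from proven source-chain state, never from the submitted payload.
    source_locked: dict
    transfers: list  # payout instructions carried in the export data


def format_check(export):
    """Weak validation: the export is well formed, nothing more."""
    return bool(export.transfers) and all(
        t.amount > 0 and t.recipient for t in export.transfers)


def conservation_check(export):
    """Hardened validation: payouts per currency may not exceed what was locked."""
    if not format_check(export):
        return False, "malformed export"
    paid = {}
    for t in export.transfers:
        paid[t.currency] = paid.get(t.currency, Decimal(0)) + t.amount
    for currency, total in paid.items():
        locked = export.source_locked.get(currency, Decimal(0))
        if total > locked:
            return False, f"{currency}: pays {total}, source locked {locked}"
    return True, "ok"


# Constructed samples: the 0.02 VRSC figure is from the article, the rest is invented.
honest = Export({"VRSC": Decimal("0.02")},
                [Transfer("VRSC", Decimal("0.02"), "0xRecipientA")])
altered = Export({"VRSC": Decimal("0.02")},
                 [Transfer("ETH", Decimal("100"), "0xRecipientB")])

if __name__ == "__main__":
    for name, export in (("honest", honest), ("altered", altered)):
        print(name, format_check(export), conservation_check(export))
```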
Bridge hacks continue to threaten DeFi
Bridge attacks have continued to pressure decentralized finance platforms throughout 2026. Data from PeckShield showed hackers have stolen about $328.6 million across eight bridge-related exploits this year alone.
Separate figures from DeFiLlama indicate that cumulative crypto losses now exceed $16.5 billion. Cross-chain bridge attacks account for roughly $3.22 billion of those losses. As a result, concern about the risks of interoperability technologies is spreading within the cryptocurrency sector.

The Verus incident is another example of this trend, although in this case the team succeeded in getting the stolen coins returned. The project’s decision also reflects a new industry-wide tendency, in which certain development teams choose to negotiate rather than pursue lengthy court cases to recover a major chunk of stolen funds.
