{"id":29413,"date":"2026-05-22T09:12:47","date_gmt":"2026-05-22T09:12:47","guid":{"rendered":"https:\/\/bitunikey.com\/news\/verus-bridge-attacker-sends-back-8-5m-keeps-bounty\/"},"modified":"2026-05-22T09:12:55","modified_gmt":"2026-05-22T09:12:55","slug":"verus-bridge-attacker-sends-back-8-5m-keeps-bounty","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/verus-bridge-attacker-sends-back-8-5m-keeps-bounty\/","title":{"rendered":"Verus bridge attacker sends back $8.5M, keeps bounty"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p><strong>The Verus Ethereum bridge exploiter has returned 4,052 ETH to the project team after a settlement offer, while keeping 1,350 ETH as a bounty.<\/strong><\/p>\n<div id=\"cn-block-summary-block_150456946d8465036c52025dec8caccc\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>PeckShield says the Verus bridge exploiter returned 4,052 ETH, equal to 75% of stolen funds.<\/li>\n<li>The exploiter kept 1,350 ETH as a bounty after Verus proposed settlement terms publicly.<\/li>\n<li>Earlier reports linked the Verus bridge exploit to missing validation checks in cross-chain transfer logic.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>PeckShield said the Verus bridge exploiter returned 4,052.4 ETH, worth about $8.5 million, to a Verus team address. The firm said the returned assets represented 75% of the stolen total.<\/p>\n<p>Etherscan data <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0xb428dae60a234c149c8bc4468979356c434726bf8f588b6c97bd7144aa5bcefe\" target=\"_blank\" rel=\"nofollow\">shows<\/a> a successful transfer of 4,052 ETH from a wallet labeled Verus Exploiter 2 to the address 0xF9AB\u2026C1A74 on May 21. The transaction was valued at about $8.59 million at the ETH price shown by the explorer.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">#PeckShieldAlert<\/a> The <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/VerusCoin?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">@veruscoin<\/a> Bridge exploiter has returned 4,052.4 <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/search?q=%24ETH&amp;src=ctag&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">$ETH<\/a> (~$8.5M) to the team address: 0xF9AB\u2026C1A74. <\/p>\n<p>The returned funds represent 75% of the stolen total, leaving a 25% bounty (1,350 <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/search?q=%24ETH&amp;src=ctag&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">$ETH<\/a>, ~$2.8M) in the exploiter&#8217;s wallet. <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/ZFIqnHBwZk\">https:\/\/t.co\/ZFIqnHBwZk<\/a> <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/vPsiOigyQ5\">pic.twitter.com\/vPsiOigyQ5<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/2057638728890536262?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">May 22, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>PeckShield said the remaining 25% stayed with the exploiter as a bounty. A separate Etherscan transaction <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0x84aada67c438869ea19cf6e82fb33b3d2515b636c166dfc356eb8167a15d5e67\" target=\"_blank\" rel=\"nofollow\">shows<\/a> 1,350 ETH, worth about $2.86 million, moved from the exploiter wallet to a new address minutes after the return transfer.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<figure class=\"wp-block-image size-large\"><figcaption class=\"wp-element-caption\">Source: Etherscan<\/figcaption><\/figure>\n<p>Some X users <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/bee_swarm\/status\/2057715095481004399?s=20\" target=\"_blank\" rel=\"nofollow\">framed<\/a> the recovery as a win for negotiated returns. Bee Swarm said \u201c75% recovery is the new standard\u201d and argued that bounty deals can work better than legal threats after funds are gone.<\/p>\n<p>Others said the exploit still points to deeper bridge risks. Zenthis <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/zenthis_io\/status\/2057701991200035241?s=20\" target=\"_blank\" rel=\"nofollow\">argued<\/a> that partial recovery does not fix \u201ccentralized custody in bridges,\u201d while pointing to atomic swaps as an alternative.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Bounty offer followed public Verus terms<\/strong><\/h2>\n<p>Verus had earlier <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/VerusCoin\/status\/2057465214975492358?s=20\" target=\"_blank\" rel=\"nofollow\">posted<\/a> a message to the bridge exploiter, saying its community and developers had discussed terms for the fund return. The post said the terms covered the bounty size, the exploiter\u2019s obligations, and how the assets could be returned.<\/p>\n<p>According to the public Verus message from X, the community had agreed to a 1,350 ETH bounty. The offer was tied to returning the remaining funds and settling the matter under the proposed terms.<\/p>\n<p>The return now makes the Verus case different from many bridge attacks, where stolen funds often move through mixers or remain under attacker control. In this case, most of the drained ETH moved back to a team address after the bounty offer.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Earlier exploit drained $11.5M<\/strong><\/h2>\n<p>The fund return follows the May 18 Verus Ethereum bridge attack. Earlier coverage reported that the bridge lost more than $11.5 million after attackers used what security researchers described as a forged cross-chain transfer message.<\/p>\n<p>PeckShield had reported that the drained assets included 103.6 tBTC, 1,625 ETH, and nearly 147,000 USDC. The attacker later swapped the stolen assets into 5,402 ETH, worth about $11.4 million at the time.<\/p>\n<p>Blockaid linked the exploit to missing source-amount validation inside the bridge logic. The firm said the issue was not an ECDSA bypass, not a notary key compromise, and not a parser or hash-binding bug.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Bridge security remains under pressure<\/strong><\/h2>\n<p>The Verus recovery comes during a busy period for cross-chain security incidents. Recent coverage said MAPO fell 96% after attackers exploited the Butter Network bridge and minted a huge amount of unauthorized tokens.<\/p>\n<p>Echo Protocol also paused cross-chain activity after an attacker minted about $76.7 million in unauthorized eBTC on Monad. On-chain investigators said the exploiter used fake eBTC as collateral before moving funds through Tornado Cash.<\/p>\n<p>These cases show why bridge validation remains a core risk for DeFi. Bridges hold assets across chains, so weak checks can allow attackers to trigger transfers, mint tokens, or move reserves before teams can stop the flow.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Verus Ethereum bridge exploiter has returned 4,052 ETH to the project team after a settlement offer, while keeping 1,350 ETH as a bounty. Summary PeckShield says the Verus bridge&hellip;<\/p>\n","protected":false},"author":1,"featured_media":1981,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-29413","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=29413"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29413\/revisions"}],"predecessor-version":[{"id":29414,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29413\/revisions\/29414"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/1981"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=29413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=29413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=29413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}