The hacker behind the recent $11.58 million exploit targeting the Verus Bridge has returned most of the stolen cryptocurrency, easing fears across the community. The returned funds account for roughly 75% of the total amount stolen during the attack.
Blockchain security firm PeckShield confirmed that 4,052.4 ETH, worth about $8.5 million, was transferred back to a wallet controlled by the Verus team. The exploiter, however, kept 1,350 ETH, valued at around $2.8 million, as part of what appears to be an agreed bounty.
Hacker Hits Verus Ethereum Bridge
On May 18, 2026, an attack targeted the Verus-Ethereum bridge. The hacker forged a cross-chain transfer message that exploited the smart contract. A lack of validation checks for the amount allowed this fake payload to pass verification without any real backing.
The vulnerability enabled the attacker to drain 1,625 ETH, 103.6 tBTC, and approximately 147,000 USDC from the bridge’s reserves. Security firms quickly identified the suspicious outflows as the perpetrator swiftly converted all the stolen assets into about 5,402 ETH for easier movement.
In response to the incident, the Verus team offered the hacker a generous bounty of 1,350 ETH and requested the return of 4,052 ETH to a specific wallet address. Additionally, the developers promised to cease all investigations and treat the remaining amount as fair payment.
Verus Attacker Accepts Bounty
PeckShield confirmed the return of 4,052.4 ETH, valued at approximately $8.5 million, to the official team address. The funds arrived within the promised 24-hour window and accounted for 75% of the stolen amount. As a result, the exploiter retained 1,350 ETH as an agreed-upon reward.
This arrangement is similar to previous “white-hat” settlements in the cryptocurrency space, where hackers return stolen funds after identifying significant weaknesses in decentralized finance protocols. In several past cases, blockchain projects have offered negotiated rewards to exploiters rather than engaging in lengthy legal disputes or complex recovery processes.
Members of the Verus community expressed cautious relief as most of the missing funds were ultimately restored, preventing broader panic among investors. However, while the $8.5 million return offers some comfort to Verus users, the incident serves as another reminder that security remains one of the biggest challenges facing the cryptocurrency industry.
Jonathan Agozie | May 21, 2026
Chris Lion | May 19, 2026
