The exploiter behind the recent Verus Ethereum bridge attack has returned most of the stolen funds after accepting a negotiated settlement with the project team.
Blockchain security firm PeckShield reported that the attacker sent back 4,052.4 ETH worth around $8.5 million while keeping 1,350 ETH as a bounty payment under the agreement.
Verus Recovers 75% of Stolen Funds
According to PeckShield, the returned assets represented roughly 75% of the total funds stolen during the exploit.
Blockchain records on Etherscan showed a successful transfer of 4,052 ETH from a wallet labeled “Verus Exploiter 2” to an address connected to the Verus team on May 21. At the time of the transaction, the returned ETH was valued at approximately $8.59 million.
Meanwhile, another transaction showed that 1,350 ETH worth about $2.86 million moved from the exploiter wallet to a separate address shortly after the return transfer, confirming the bounty portion of the settlement.
Community Reacts to Negotiated Settlement
The recovery quickly sparked debate across the crypto community.
Some users described the outcome as a practical success, arguing that negotiated settlements may be more effective than legal threats once stolen funds are already under attacker control.
Crypto commentator Bee Swarm said “75% recovery is the new standard,” suggesting that bounty agreements can help projects recover large portions of funds faster than extended legal or enforcement actions.
Others, however, warned that the exploit still highlights deeper security weaknesses inside cross-chain bridge infrastructure.
X user Zenthis argued that partial fund recovery does not solve the broader issue of centralized custody risks in bridges and pointed toward atomic swaps as a safer long-term alternative.
Verus Offered Public Settlement Terms
Before the funds were returned, Verus publicly posted a settlement proposal directed at the exploiter.
According to the statement shared on X, the Verus community and development team agreed to offer a 1,350 ETH bounty in exchange for the return of the remaining stolen assets.
The proposal also outlined conditions covering how the funds would be returned and how the matter could be resolved under the agreed terms.
The successful recovery makes the Verus case different from many previous bridge exploits, where stolen assets are often hidden through mixers or remain permanently under attacker control.
In this case, most of the drained ETH ultimately returned to a wallet linked to the project team following the public bounty offer.
Earlier Exploit Drained More Than $11.5M
The settlement follows the major Verus Ethereum bridge attack that occurred on May 18.
Earlier reports showed the bridge lost more than $11.5 million after attackers allegedly exploited weaknesses in the project’s cross-chain transfer validation system.
PeckShield reported that the stolen assets included 103.6 tBTC, 1,625 ETH, and nearly 147,000 USDC. The attacker later converted the stolen funds into approximately 5,402 ETH worth about $11.4 million at the time.
Security firm Blockaid later linked the exploit to missing source-amount validation checks inside the bridge logic.
The company clarified that the incident was not caused by an ECDSA bypass, notary key compromise, parser issue, or hash-binding vulnerability.
Bridge Security Remains a Major DeFi Risk
The Verus incident is the latest in a growing series of cross-chain bridge attacks affecting the DeFi industry.
Recent reports highlighted how Butter Network suffered severe damage after attackers exploited the MAPO bridge and minted unauthorized tokens, causing the token price to collapse.
Meanwhile, Echo Protocol recently paused bridge activity after attackers minted roughly $76.7 million in unauthorized eBTC on Monad before moving assets through Tornado Cash.
These incidents continue to show why bridge validation systems remain one of the most sensitive attack surfaces in decentralized finance. Since bridges manage assets across multiple blockchains, weak validation logic can allow attackers to forge transfers, mint unauthorized assets, or drain reserves before teams can react.