The exploiter who drained the Verus-Ethereum bridge of more than $11 million has returned $8.5 million to the project’s team while retaining $2.8 million as a white-hat bounty.
This resolution follows a public offer from the Verus community and its developers, who set clear terms for the hacker to return a portion of the stolen funds in exchange for a promise to halt legal action and investigations.
Hacker Accepts $2.8 Million Bounty
The attack took place on May 17, when an attacker exploited a missing validation step in one of the bridge’s cross-chain contracts. That flaw enabled the attacker to drain roughly 103.6 tBTC, 1,625 ETH, and 147,000 USDC. After discovering the unauthorized transfers, the Verus team stopped block-producing nodes to prevent further movement of funds and issued an emergency patch to address the vulnerability.
Verus publicly offered a settlement: a 1,350 ETH bounty if the exploiter returned 4,052 ETH to a specified address within 24 hours. The team pledged to cease further investigation and not pursue charges if those conditions were met.
“If you return a total of 4052.4 ETH to the address 0xF9AB…C1A74 within the 24 hours specified above, we will understand that as your agreement to these terms, and we will uphold our stated agreement to cease further investigation of you.”
Blockchain security monitor PeckShieldAlerts reported that the attacker complied, transferring 4,052 ETH back to the team address. That recovery accounts for about 75% of the stolen assets, leaving the attacker with roughly 25%—the 1,350 ETH bounty. As of this writing, Verus has not yet published a formal acknowledgement of the recovery on its official channels in line with the original offer.
Developer Flags Possible AI Use in Hack
The Verus incident is part of a broader trend: bridge exploits have become a recurring problem in the crypto sector. The Verus hack is the eighth bridge-related exploit reported this year. According to PeckShield, attackers had stolen approximately $328.6 million from a range of cross-chain protocols (including THORchain, ZetaChain, KelpDAO, HyperBridge, CrossCurve, Squid Router, and IoTeX) through mid-May.
What makes the Verus case particularly noteworthy is the apparent sophistication of the exploit. The protocol’s lead developer, Mike Toutonghi, suggested that artificial intelligence may have played a role. He explained how advanced tools could help an attacker analyze the protocol’s rules and craft transactions that bypassed expected checks, convincing the Ethereum contract to accept a malicious cross-chain transfer.
At the same time, prominent figures in the crypto community see AI as a double-edged sword. Ethereum co-founder Vitalik Buterin has pointed out that AI can also strengthen security. Rather than merely facilitating attacks, AI-assisted formal verification and other automated analysis techniques can improve the detection of logic flaws and reduce the likelihood of similar vulnerabilities in smart contracts and cross-chain systems.
In response to the exploit, Verus patched the vulnerable contract and temporarily halted related services to limit damage. The incident underscores the need for rigorous auditing, comprehensive validation steps in bridge contracts, and continued investment in automated security tools—potentially including AI-assisted verification—to protect cross-chain infrastructure going forward.
While the return of most funds brings partial closure to this particular incident, it also raises questions about incentives and ethics in incident responses. The choice to offer a bounty and promise not to pursue charges in exchange for fund recovery is becoming an increasingly visible tactic in the industry, prompting ongoing discussion about how best to deter malicious behavior while recovering assets and protecting users.