Bounty Offer Reclaims $8.5M From Verus Bridge Exploit

The attacker behind the Verus cross-chain bridge exploit has returned 4,052 ETH to the Verus team wallet, worth about $8.5 million at current prices. In a calculated turn, Verus had offered a 1,350 ETH bounty for the recovery of most of the stolen funds, with the exploiter retaining the remaining ETH as a reward, according to blockchain security firm PeckShield.

Verus signaled the bounty a day earlier, saying that if the attacker returned 4,052.4 ETH to the team address within 24 hours, the portion retained by the exploiter would be treated as a reward. The latest recovery illustrates how some projects pursue direct negotiations to reclaim stolen assets, a tactic that does not automatically shield individuals from law enforcement or third-party actions.

The recovery comes days after the Verus-Ethereum bridge was drained in a forged cross-chain transfer exploit, underscoring ongoing security concerns in 2026 as DeFi infrastructure faces repeated attack vectors. PeckShield documented the development on Friday, confirming the 4,052 ETH return and the 1,350 ETH bounty arrangement.

Source: PeckShield

Key takeaways

• 4,052 ETH was returned to the Verus team wallet, valued around $8.5 million, representing roughly 75% of the total funds stolen in the incident. The exploiter retains 1,350 ETH (about $2.8 million) as a bounty.
• Verus had offered the bounty as a potential incentive for recovery, stating the remaining ETH would be treated as a reward if 4,052.4 ETH was returned within 24 hours. The deal highlights a growing pattern of negotiated recoveries in DeFi incidents.
• The recovery follows a forged cross-chain drain of the Verus-Ethereum bridge, illustrating how cross-chain exploits continue to shape security priorities across DeFi infrastructure.
• April DeFi hacks surged to about $634 million in aggregate losses, with Drift Protocol ($280 million) and Kelp ($293 million) highlighted as the month’s largest incidents. May losses have slowed to roughly $38 million so far, per DefiLlama.

Verus’ recovery, and what it signals for DeFi security

The Verus incident sits at a crossroads of negotiation, enforcement, and tech risk. By publicly offering a bounty and engaging with the attacker to recover assets, Verus demonstrates a persistence among some projects to reclaim stolen funds through direct outreach rather than relying solely on external remedies. PeckShield’s analysis confirms that the recovered amount, coupled with the bounty structure, accounts for about three-quarters of the total stolen in this event, with roughly 5,400 ETH quoted as the overall loss when accounting for the bounty portion.

The game-theory aspect is notable: a targeted recovery such as this can get funds back into circulation and reduce the immediate attack surface for the protocol. Yet, it also leaves open the question of legal and regulatory action, and how authorities might respond to negotiable recoveries when illicit proceeds are involved. Verus’ public stance—recover the majority, treat the rest as a reward—reflects a pragmatic path taken by some teams under stress to preserve user assets and maintain confidence in cross-chain activity.

The broader security backdrop remains challenging. Cross-chain bridges have repeatedly proven vulnerable to forged transfers, replay attacks, and misconfigurations. The Verus incident adds to a lengthy ledger of DeFi exploits that have kept security teams and auditors on high alert. As the ecosystem experimen ts with more automated risk controls, incident response playbooks are evolving to balance rapid recovery with lawful process and transparent disclosure.

April’s DeFi breach wave and the lingering risk in May

DefiLlama’s data shows that April’s hacks totaled about $634 million in value stolen across numerous protocols, underscoring the sector’s persistent risk profile. Among the most substantial incidents in April were the Drift Protocol breach, which saw losses around $280 million, and the Kelp Restaking exploitation, with losses near $293 million. These incidents illustrate the fault lines in high-yield, cross-chain, and restaking architectures that have become attractive targets for adversaries.

By May, the pace of large breaches appeared to slow considerably. DefiLlama’s latest figures indicate approximately $38 million stolen so far in the month, suggesting a cooling period relative to the spike in April. Still, even a fraction of the earlier totals poses material risk for liquidity, governance, and user trust in DeFi ecosystems.

Beyond the raw dollar figures, the ongoing attack surface—bridges, restaking platforms, and other cross-chain primitives—remains a central concern for developers, auditors, and investors. Historical data show that private-key compromises, phishing, and credential-based breaches have driven a large share of losses over the past decade, a trend consistently highlighted by industry coverage and risk assessments. As the ecosystem evolves, observers will watch for improvements in key management, fraud prevention, and real-time fund recovery mechanisms.

Related coverage from Cointelegraph noted the broader regulatory and legal conversations surrounding DeFi security and asset recovery, as discussions about who can claim stolen funds continue to unfold in legal and policy circles. The field remains a dynamic intersection of technology, incentives, and governance that will shape how users and builders approach cross-chain activity in the years ahead.

Readers should monitor whether regulatory responses tighten the permissible scope of bounty-based recoveries or push for more standardized incident-response protocols. While the Verus case shows a potential pathway for asset reclamation, it also underscores that negotiation-based recoveries are not guaranteed to shield participants from potential enforcement actions or private litigation, depending on jurisdiction and circumstances.

This article was originally published as Bounty Offer Reclaims $8.5M From Verus Bridge Exploit on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.