The hacker who exploited the Verus cross-chain bridge returned 75% of the stolen funds — about $8.5 million — as part of a recovery deal negotiated with the protocol. The return came just days after the incident, following a bounty offer extended by the project team.
The Exploit
Days before the return, an attacker drained funds from the Verus bridge, a tool that lets users move assets between blockchain networks. The exact method used hasn't been detailed publicly, but bridge exploits have become a familiar risk in decentralized finance. The stolen amount initially totaled roughly $11.3 million.
The protocol team moved quickly. They issued a public bounty offer — a common tactic in crypto incidents — and opened a line of communication with the hacker. Negotiations followed, and the two sides eventually agreed on terms for the return of most of the money.
The Recovery Deal
Under the deal, the hacker sent back $8.5 million, representing three-quarters of what was taken. The remaining 25% — about $2.8 million — is still unaccounted for. The protocol hasn't disclosed whether that portion was kept by the hacker as a so-called white-hat fee or if further negotiations are ongoing.
The return was processed on-chain, visible to anyone monitoring the relevant wallet addresses. The Verus team confirmed the transaction and thanked the community for its patience. They didn't name the hacker or provide any identifying details.
Bounty Offer and Next Steps
The bounty offer was a key part of the resolution. In many crypto thefts, projects promise a reward — or immunity from legal action — in exchange for returning funds. That approach has mixed results; sometimes it works, sometimes it doesn't. In this case, it did.
The protocol now faces a decision about what to do with the recovered funds. They could redistribute them to affected users, cover losses, or use them for development. They've said they'll provide an update once a plan is finalized.
As for the hacker, they retain roughly $2.8 million. Whether that was part of the deal or a leftover from the exploit remains unclear. No law enforcement involvement has been reported.
