Verus cross-chain bridge hacker returns 75% of stolen funds, protocol accepts settlement and will not pursue legal action
動區 BlockTempo · 2026-05-25 02:33:38

The attacker returned 4,052 ETH (approximately $8.5 million), retaining 1,350 ETH as a bounty—the Verus cross-chain bridge heist concluded through negotiation, but whether the bounty mechanism implicitly encourages "attack first, negotiate later" has sparked debate.

(Background: Verus Ethereum cross-chain bridge attacked! Blockaid monitoring: losses exceed $11.58 million)
(Context: THORChain launches recovery proposal after being hacked: protocol absorbs $10 million loss, burns attacker's $RUNE)

The Verus Ethereum cross-chain bridge attack that occurred mid-month has seen major developments after several days of negotiation. The attacker today proactively returned approximately 4,052 ETH, worth about $8.5 million, representing 75% of the initially stolen 5,402 ETH (approximately $11.58 million). The Verus protocol announced its acceptance of the negotiation outcome, agreeing not to pursue legal action against the hacker, and treating the remaining 1,350 ETH (approximately $2.8 million) as a white hat bounty in return for the attacker discovering and disclosing the vulnerability.

According to on-chain data, the returned funds have been transferred in batches from the attacker's address to a wallet designated by Verus. Neither party has publicly disclosed the complete negotiation details, but the community generally believes this was a "vulnerability disclosure bounty"-style negotiation led by the Verus team. The attacker issued a statement on social media, emphasizing that they were not maliciously stealing, but rather hoped this action would prompt the protocol to take security issues seriously, and thanked the team for their willingness to resolve the matter constructively.

However, opinions within the Verus community are divided on this outcome. Some members consider this a paradigm in DeFi security history—reducing losses through negotiation, avoiding lengthy litigation, and ultimately recovering most of the funds; but others criticize it as implicitly encouraging an "attack first, negotiate later" culture, allowing hackers to walk away unscathed while retaining handsome rewards.

In fact, similar patterns are not unprecedented in cross-chain bridge attack incidents. In July 2021, THORChain was attacked and suffered approximately $5 million in losses; after the protocol publicly called out the attacker, the attacker returned most of the funds and received a 10% bounty. In August of the same year, Poly Network suffered a $610 million hack; under community pressure and negotiation with the protocol, the hacker ultimately returned nearly all the funds, and the protocol did not file charges. These cases share similar trajectories with the Verus incident: the attackers were not purely motivated by profit, but had "vulnerability disclosure" demands, while the protocols used bounties as incentives to facilitate the return of funds.

By contrast, the early 2022 Wormhole bridge attack (loss of $320 million) and the Ronin bridge attack (loss of $620 million) had completely different outcomes. Wormhole was fully compensated by parent company Jump Crypto, and the attacker has yet to be apprehended; the Ronin attack was confirmed to be the work of North Korea's Lazarus Group, with funds difficult to recover, ultimately relying only on law enforcement to freeze partial assets. These two incidents highlight that "bounty negotiation" is not a panacea—whether reconciliation can be achieved often depends on the attacker's identity and motives.

The bounty model plays an increasingly complex role in the DeFi security ecosystem. On one hand, it provides project teams with a tool for rapid damage control, particularly in early stages lacking insurance mechanisms, where bounties can effectively reduce ultimate losses. On the other hand, this model may also create moral hazard, leading potential attackers to believe that returning most of the funds will exempt them from criminal liability while still earning a substantial bounty. In the long run, DeFi protocols still need to return to fundamentals: strengthening code audits, deploying real-time monitoring, and implementing emergency pause mechanisms to reduce such incidents at the source.

Verus co-founder Michael J. Toutonghi stated in the community that this incident taught them valuable lessons, and they will comprehensively enhance the security of bridge contracts going forward, while considering the introduction of a more robust bug bounty mechanism to enable white hat hackers to proactively report vulnerabilities before attacks occur. He emphasized that the protocol's primary goal has always been to protect user assets, and while this outcome may not be perfect, it is the best solution under current circumstances.

As of press time, the Verus cross-chain bridge has resumed normal operations, and user funds are secure. This incident also leaves the crypto industry with a case worth pondering: when there is room for negotiation between attackers and protocols, can the bounty model become a norm in DeFi security, or is it merely a stopgap measure that treats symptoms rather than causes?