The attacker behind the Verus bridge exploit has returned approximately $8.5 million in Ether after the project offered a bounty. The exploiter kept about $2.8 million as the reward, recovering roughly 75% of the stolen funds. This incident follows a major surge in decentralized finance (DeFi) hacks, which reached over $600 million in stolen value during April.
The attacker behind the Verus bridge exploit has returned 4,052 Ether, worth about $8.5 million, to the project’s team wallet. This occurred after Verus offered a 1,350 ETH bounty for the recovery of most of the stolen funds.
The return represents about 75% of the stolen funds, with the exploiter retaining 1,350 Ether, worth about $2.8 million as a bounty, according to blockchain security firm PeckShield. Verus had offered the bounty a day earlier, setting a 24-hour deadline for the return.
The recovery shows how some crypto projects try to negotiate directly with exploiters to recover stolen funds. Such deals do not necessarily prevent law enforcement or third parties from taking action.
The recovery comes days after the Verus-Ethereum bridge was drained in a forged cross-chain transfer exploit. This adds to a string of bridge and decentralized finance attacks that have kept crypto security concerns high in 2026.
DeFi hacks surged to a cumulative $634 million worth of value stolen in April, data aggregator DefiLlama shows. The $280 million Drift Protocol exploit and the $293 million Kelp exploit represented the largest incidents.
Losses have fallen sharply in May, with DefiLlama data showing roughly $38 million stolen so far this month. Still, cryptocurrency hacks remain one of the biggest hurdles halting mainstream blockchain adoption.
During the past decade, crypto hackers stole over $17 billion across 518 recorded incidents. The majority stemmed from compromised private keys, alongside phishing and other credential-based attacks.
