Verus bridge exploiter returns 4,052 ETH, retains $2.8 million bounty: onchain analyst

An exploiter of the Verus bridge returned 4,052.4 ETH, valued at $8.5 million, on Friday following the protocol's bounty proposal. The attacker retained approximately $2.8 million in extracted value, according to onchain analysis.

Verus offered a bounty framework after discovering the bridge exploit. The terms allowed the attacker to keep a portion of stolen funds in exchange for returning the bulk of drained liquidity. This arrangement mirrors tactics used by other protocols facing major exploits, where teams negotiate partial recovery rather than pursuing full prosecution.

The exploit affected the Verus cross-chain bridge, which enables asset transfers between different blockchains. Bridge vulnerabilities have become prime targets for attackers, with protocols from Ronin to Harmony suffering nine-figure losses in recent years. Verus identified the vulnerability and immediately moved to contain damage through the bounty negotiation.

The attacker's decision to return funds suggests they prioritized avoiding law enforcement scrutiny over maximizing stolen capital. Retaining $2.8 million while returning $8.5 million demonstrates a calculated risk assessment. Onchain data often reveals exploiters' addresses within hours, making clean escapes difficult. This pattern has emerged repeatedly in 2024, with exploiters returning portions of stolen funds after teams establish clear incentive structures.

Verus published details of the exploit shortly after discovery, allowing the team to propose terms quickly. The bounty framework specified exact return amounts and retention thresholds, creating a defined negotiation space. Protocols increasingly adopt this approach to limit total losses and restore user confidence faster than lengthy legal proceedings.

The return of 4,052 ETH protects liquidity providers and reduces contagion risk across Verus's ecosystem. Users who withdrew funds after the exploit announcement face lower recovery friction than in scenarios requiring court orders or asset seizures.

Verus must now conduct a security audit before relaunching its bridge. The incident highlights ongoing tensions between bridge design complexity and security, a recurring theme across multichain infrastructure. Protocols continue shipping bridges despite historical failure rates,