- Verus recovers 4,052 ETH once the attacker accepts a public settlement agreement.
- The hacker held onto 1,350 ETH, while most of the bridge tokens were recovered and returned to the Verus wallet.
- Verus exploit recovery came as DeFi hacks dropped sharply from April’s $634M loss total.
The attacker behind the most recent exploit of the Verus-Ethereum bridge returned 4,052.4 ETH (about $8.5 million) to the project team's wallet, allowing the Verus exploit recovery to proceed smoothly.
The move came days after Verus publicly proposed a settlement on Thursday, under which some of the funds taken would be recognized as a bounty if all the funds were restored within a stipulated period.
The incident marked one of the latest negotiated recoveries involving a decentralized finance exploit in 2026, as crypto projects continued seeking partial asset returns through direct communication with attackers after major breaches.
Blockchain security firm PeckShield stated that the returned funds accounted for roughly 75% of the total assets drained during the exploit. According to the firm’s on-chain analysis, approximately 1,350 ETH, worth around $2.8 million, remained under the attacker’s control and was later transferred to a new wallet address.
The recovery occurred only hours after the Verus team published the settlement terms on X. In the statement, the contributors said the community would stop ongoing investigations and refrain from pursuing legal or extralegal action if 4,052.4 ETH was returned within 24 hours.

The statement also said the community would publicly acknowledge the remaining 1,350 ETH as a bounty paid to the attacker. The proposal outlined the conditions under which the Verus exploit recovery process would conclude.
Verus Exploit Recovery Followed Public Settlement Terms
The Verus team publicly disclosed the arrangement after negotiations with the attacker became visible on-chain and through social media activity tied to the exploit. The contributors said the focus after the attack shifted toward securing the bridge infrastructure, reviewing vulnerabilities, and organizing recovery efforts without outside financial backing.
According to the project, the Verus-Ethereum bridge was compromised on May 18 at approximately 11:55 p.m. UTC. A Discord announcement issued after the incident stated that the attacker extracted ETH, USDC, and tBTC from the Ethereum-side contract connected to the bridge.
Security platform Blockaid estimated total losses from the exploit at approximately $11.58 million. PeckShield later reported that the bridge had been drained of 103.6 tBTC, 1,625 ETH, and 147,000 USDC.
The attacker subsequently converted the assets into 5,402 ETH valued at roughly $11.4 million at the time of the swaps. On-chain records cited by PeckShield showed that most of those funds were later returned to the project wallet under the negotiated arrangement.
The Verus exploit recovery process added to a growing number of incidents in which crypto projects attempted to recover stolen assets through direct settlement offers rather than relying solely on enforcement action or litigation. However, the Verus contributors also noted in their public statement that the agreement did not automatically shield the attacker from potential third-party investigations or independent law enforcement actions.
DeFi Exploits Continue Across Crypto Sector
The Verus exploit recovery occurred during a year that has continued to record major decentralized finance security incidents. Data from DefiLlama showed that DeFi-related hacks totaled $634 million in stolen value in April alone.
Two of the largest incidents recorded during the month involved the Drift Protocol and Kelp exploits. According to DefiLlama data, the Drift incident accounted for approximately $280 million in losses, while the Kelp exploit drained roughly $293 million. Despite those figures, losses declined significantly during May.
DefiLlama data indicated that approximately $38 million had been stolen across crypto-related exploits so far this month.
Bridge attacks and credential-related breaches have remained a major issue for the digital asset industry. Many attacks resulted from compromised private keys or from phishing and credential theft.
Verus Team Focused on Securing the Bridge
In response to the exploit, the Verus contributors said that extra security measures had been implemented since the attack to secure the bridge. They described extensive auditing and hardening of infrastructure to address any vulnerability found during the exploit.
The project also said it was developing a recovery plan to address losses incurred during the exploit. According to the contributors, those efforts were coordinated through the network’s decentralized community structure. The Verus exploit recovery reduced the immediate financial impact of the attack after most of the drained ETH was returned to project-controlled wallets.
However, a portion of the funds remained under the attacker's control, as outlined in the settlement terms publicly shared by the contributors. On-chain tracking continued to follow the remaining 1,350 ETH, which the hacker moved to another wallet. PeckShield stated that the movement occurred shortly after the larger transfer returned funds to the project.









