Verus Bridge hacker returns 75% of stolen funds in $8.5M ETH transfer

A hacker who exploited the Verus Ethereum cross-chain bridge has returned 4,052.4 ETH — worth approximately $8.5 million — to the project team, according to blockchain security firm PeckShield. The returned amount represents roughly 75% of the total funds stolen during the exploit.

Details of the fund recovery

PeckShield confirmed on March 27, 2025, that the stolen assets were transferred to an address controlled by the Verus team. The transaction was publicly visible on the Ethereum blockchain, allowing independent verification by the crypto community. The remaining 25% of the stolen funds — approximately 1,350 ETH valued at $2.8 million — has been retained by the exploiter as a white-hat bounty.

White-hat bounty arrangements are a growing but controversial practice in decentralized finance (DeFi). In such cases, hackers return the majority of stolen funds in exchange for a negotiated reward and immunity from legal action. This model is intended to incentivize responsible disclosure of vulnerabilities while minimizing losses for affected users.

Background on the Verus Bridge exploit

The Verus cross-chain bridge, which facilitates transfers between the Verus blockchain and Ethereum, was compromised earlier this month. The attacker exploited a vulnerability in the bridge’s smart contract code, draining a significant portion of the liquidity pool. The exact nature of the exploit has not been fully disclosed, but cross-chain bridges have become a frequent target for attackers due to their complexity and the large sums they hold.

Verus is a blockchain platform focused on decentralized identity and cross-chain interoperability. The project has been operational since 2018 and has built a reputation for its privacy-focused features. The bridge exploit marked one of the more significant security incidents for the project in recent years.

Implications for DeFi security

The Verus incident adds to a growing list of cross-chain bridge exploits that have collectively resulted in hundreds of millions of dollars in losses. According to data from DeFiLlama, cross-chain bridges have been responsible for over $2 billion in stolen funds since 2021. The trend has prompted increased scrutiny from regulators and calls for more rigorous smart contract auditing.

While the return of 75% of the stolen funds is a positive outcome for Verus users, the incident underscores persistent security risks in the DeFi ecosystem. White-hat bounty arrangements, while pragmatic, also raise questions about whether they encourage malicious actors to attempt exploits in hopes of receiving a payout.

Conclusion

The Verus Bridge hacker’s decision to return the majority of stolen funds in exchange for a white-hat bounty provides a partial resolution to what could have been a total loss for the project. However, the incident highlights the ongoing vulnerability of cross-chain infrastructure and the need for stronger security practices across the DeFi industry. Users are advised to exercise caution when interacting with cross-chain protocols and to prioritize platforms that have undergone thorough, independent security audits.

FAQs

Q1: What is a white-hat bounty in crypto?
A white-hat bounty is a reward offered to ethical hackers who discover and report vulnerabilities. In some cases, if an exploit has already occurred, the hacker may negotiate to return most of the stolen funds in exchange for a percentage as a bounty and a promise of no legal pursuit.

Q2: How much did the Verus Bridge hacker keep?
The hacker retained 1,350 ETH, worth approximately $2.8 million at current prices, as a white-hat bounty. This represents 25% of the total amount stolen.

Q3: Are cross-chain bridges safe to use?
Cross-chain bridges carry inherent security risks due to their technical complexity and the large amounts of locked value they manage. While many have been audited, exploits remain common. Users should research a bridge’s security history, audit reports, and insurance coverage before depositing funds.