Verus Bridge Exploiter Returns $8.5M, Keeps $2.8M as Bounty Reward

The exploiter who drained the Verus-Ethereum bridge of over $11 million has returned $8.5 million to the project’s team, while keeping $2.8 million as a white-hat bounty.

This comes barely a day after the Verus community and its developers offered the reward in exchange for the hacker meeting a set of terms.

Hacker Accepts $2.8 Million Bounty

The incident took place on May 17, with the hacker taking advantage of a missing validation step on one of its cross-chain bridge contracts, which allowed them to drain approximately 103.6 tBTC, 1,625 ETH, and 147,000 USDC. Following the hack, the project’s team decided to stop its block-producing nodes to prevent further transfers and issued an emergency patch.

Verus later said on social media that it was offering the Ethereum bridge exploiter a 1,350 ETH bounty in exchange for returning 4,052 ETH within 24 hours, adding that it would stop any investigations and not pursue charges if the conditions were met.

Blockchain security firm PeckShieldAlerts has since reported that the hacker transferred 4,052 ETH back to the team’s address, recovering 75% of the stolen funds while retaining a 25% bounty of 1.350 ETH. However, Verus has yet to issue a formal acknowledgment of the recovery on their platforms as stipulated in their initial statement.

Developer Flags Possible AI Use in Hack

The update comes as the crypto sector is dealing with a rise in the number of bridge exploits, with the Verus incident being the eighth of this kind this year. According to PeckShield, attackers have made off with a total of $328.6 million from several cross-chain protocols like THORchain, ZetaChain, KelpDAO, HyperBridge, CrossCurve, Squid Router, and IoTeX.io as of Mid-May.

But the Verus case is notable because the complexity of the exploit suggests hackers are using AI to help execute it. The protocol’s lead developer, Mike Toutonghi, explained in an article how the technology might have helped them understand the system’s rules closely enough to design transactions that bypassed checks and tricked the Ethereum contract into accepting the malicious cross-chain transfer.

Elsewhere, Vitalik Buterin shared insights on how AI can still be used to strengthen security instead of breaking it. Responding to community concerns about the technology creating non-stop exploitation opportunities, the Ethereum co-founder countered by saying that AI-assisted formal verification could be used as a strong defense against security failures in the crypto industry.

The post Verus Bridge Exploiter Returns $8.5M, Keeps $2.8M as Bounty Reward appeared first on CryptoPotato.