XT Blog

Verus Bridge Exploiter Returns 8.5 Million Dollars as White-Hat Bounty Model Draws Scrutiny Amid Rising Bridge Attacks

2026-05-23

The exploiter behind the 11.3 million dollar Verus-Ethereum bridge hack has returned approximately 8.5 million dollars in stolen funds, retaining 2.8 million dollars as a white-hat bounty. The recovery, confirmed by blockchain security firm PeckShield, follows a structured negotiation in which the Verus team offered 1,350 ETH in exchange for the return of 4,052 ETH within a 24-hour deadline. The outcome marks one of the larger successful fund recoveries in the bridge exploit category this year.

Timeline of the Exploit and Bounty Negotiation

The incident occurred on May 17, when the attacker exploited a missing validation step in one of the Verus cross-chain bridge contracts. The vulnerability allowed the hacker to drain approximately 103.6 tBTC, 1,625 ETH, and 147,000 USDC from the bridge. In response, the Verus development team halted block-producing nodes to prevent further unauthorized transfers and deployed an emergency patch to address the vulnerability.

Verus subsequently posted on X that it was offering a bounty of 1,350 ETH, approximately 25 percent of the total stolen value, in exchange for the return of 4,052 ETH within 24 hours. The team stated it would cease all investigation and decline to pursue charges if the conditions were met. PeckShield later confirmed that the hacker transferred 4,052 ETH back to the designated recovery address, completing the negotiated return. Verus has not yet issued a formal public acknowledgment of the recovery on its official channels.

Bridge Exploits Remain a Persistent Threat in 2026

The Verus incident is the eighth cross-chain bridge exploit recorded in 2026, according to data compiled by PeckShield. Attackers have extracted a combined total of approximately 328.6 million dollars from bridge protocols including THORchain, ZetaChain, KelpDAO, HyperBridge, CrossCurve, Squid Router, and IoTeX as of mid-May. The frequency of these incidents underscores ongoing security challenges in the infrastructure layer that connects disparate blockchain networks.

Cross-chain bridges remain among the most technically complex components in the blockchain ecosystem, requiring smart contracts to manage asset custody and verification across networks with different consensus mechanisms. The validation gap exploited in the Verus bridge represents a class of vulnerability that has been documented in prior incidents, where insufficient checks on cross-chain proof submissions enable unauthorized withdrawals.

AI-Assisted Attack Methodology Raises New Concerns

Mike Toutonghi, lead developer of the Verus protocol, raised the possibility that the attacker may have used artificial intelligence tools to analyze the bridge contract’s validation logic. Toutonghi explained that the sophistication of the exploit suggested the hacker may have employed AI to understand the system’s rules closely enough to design transactions that bypassed verification checks and tricked the Ethereum contract into accepting a malicious cross-chain transfer.

The observation has drawn attention from security researchers examining the intersection of AI capabilities and smart contract exploitation. Ethereum co-founder Vitalik Buterin has separately discussed how AI could be deployed to strengthen blockchain security through automated code auditing and real-time anomaly detection, suggesting the technology may serve both offensive and defensive purposes in the security landscape.

Risks and Counterarguments

While the fund recovery represents a positive outcome, the incident highlights structural vulnerabilities that bounty negotiations alone cannot resolve. Critics note that the white-hat bounty model effectively rewards attackers and may incentivize future exploitation attempts by establishing a precedent for profitable outcomes regardless of legal risk. The 25 percent retention rate in the Verus case amounts to a substantial payout for unauthorized access.

The potential involvement of AI in exploit design introduces additional uncertainty for protocol security teams. If attackers can leverage AI to identify and exploit validation gaps more efficiently, the cost and complexity of securing bridge infrastructure could increase significantly. The broader crypto industry continues to debate whether the current pace of security improvements is keeping up with the evolving sophistication of attack methodologies.
