Verus had offered to drop investigations and not press charges if the attacker returned the stolen funds within a 24-hour deadline.
The exploiter who drained the Verus-Ethereum bridge of over $11 million has returned $8.5 million to the project’s team, while keeping $2.8 million as a white-hat bounty.
This comes barely a day after the Verus community and its developers offered the reward in exchange for the hacker meeting a set of terms.
Hacker Accepts $2.8 Million Bounty
The incident took place on May 17, with the hacker taking advantage of a missing validation step on one of its cross-chain bridge contracts, which allowed them to drain approximately 103.6 tBTC, 1,625 ETH, and 147,000 USDC. Following the hack, the project’s team decided to stop its block-producing nodes to prevent further transfers and issued an emergency patch.
Verus later said on social media that it was offering the Ethereum bridge exploiter a 1,350 ETH bounty in exchange for returning 4,052 ETH within 24 hours, adding that it would stop any investigations and not pursue charges if the conditions were met.
“If you return a total of 4052.4 ETH to the address 0xF9AB…C1A74 within 24 hours specified above, we will understand that as your agreement to these terms, and we will uphold our stated agreement to cease further investigation of you,” wrote the team.
Blockchain security firm PeckShieldAlerts has since reported that the hacker transferred 4,052 ETH back to the team’s address, recovering 75% of the stolen funds while retaining a 25% bounty of 1.350 ETH. However, Verus has yet to issue a formal acknowledgment of the recovery on their platforms as stipulated in their initial statement.
‘); AdButler.ads.push({handler: function(opt){ AdButler.register(183000, 631314, [300,250], ‘placement_631314_’+opt.place, opt); }, opt: { place: plc631314++, keywords: abkw, domain: ‘servedbyadbutler.com’, click:’CLICK_MACRO_PLACEHOLDER’ }}); ]]>
Developer Flags Possible AI Use in Hack
The update comes as the crypto sector is dealing with a rise in the number of bridge exploits, with the Verus incident being the eighth of this kind this year. According to PeckShield, attackers have made off with a total of $328.6 million from several cross-chain protocols like THORchain, ZetaChain, KelpDAO, HyperBridge, CrossCurve, Squid Router, and IoTeX.io as of Mid-May.
But the Verus case is notable because the complexity of the exploit suggests hackers are using AI to help execute it. The protocol’s lead developer, Mike Toutonghi, explained in an article how the technology might have helped them understand the system’s rules closely enough to design transactions that bypassed checks and tricked the Ethereum contract into accepting the malicious cross-chain transfer.
You may also like:
Elsewhere, Vitalik Buterin shared insights on how AI can still be used to strengthen security instead of breaking it. Responding to community concerns about the technology creating non-stop exploitation opportunities, the Ethereum co-founder countered by saying that AI-assisted formal verification could be used as a strong defense against security failures in the crypto industry.
SPECIAL OFFER (Exclusive) Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
