On May 18, 2026, the Ethereum side contract of the Verus-Ethereum cross-chain bridge was compromised, leading to the theft of assets such as ETH, USDC, and tBTC held in the bridge's custody, with an estimated total loss of about 11.58 million USD. Instead of a technical announcement, the result was an abrupt "emergency stop": the Verus network announced a halt in operations, most block production nodes went offline, and the on-chain activity suddenly became quiet, leaving the community in a tense state of ignorance about the whereabouts of the funds and the future of the network. The project team quickly extended an olive branch—publicly stating that if the attacker returned the stolen assets, they would offer a bounty for the vulnerability. However, they were also compelled to remind users in the same statement that anyone approaching under the guise of "compensation" or "bounty" was most likely a scammer taking advantage of the chaos. Coincidentally, just a day before, the Adshares cross-chain bridge also faced an attack, resulting in about 628,000 USD in stolen funds; subsequently, the attacker returned 256 ETH to its project deployment address, accounting for approximately 86% of the stolen amount. This precedent of "negotiated fund return" has been viewed by many as a replicable response strategy, and whether Verus can retrieve the 11.58 million USD through the bounty has become the biggest unknown in this crisis.

Ethereum Side Contract Compromised: Verus Hits the Pause Button

On May 18, the focus turned directly to the Ethereum side contract of the Verus-Ethereum cross-chain bridge. Assets originally meant for cross-chain transfer, such as ETH, USDC, and tBTC, were continuously transferred out of the contract to addresses controlled by the attacker, quickly emptying the locked funds, with estimated losses around 11.58 million USD, ranking high among this year's series of cross-chain incidents. For users, the assets left on the bridge vanished in just a few transactions, turning the cross-chain "security channel" into a bleeding point overnight.

Upon discovering the anomaly, Verus chose the most drastic course of action: announcing a network pause, taking most block production nodes offline, and implementing a "full network emergency stop" to prevent further spread of the risk. The officials initially attributed the incident to security vulnerabilities in the cross-chain contract, yet as of now, they have not provided a publicly verifiable explanation of the specific technical details. This means that the outside world can only roughly judge that the problem lies in the weak design of the cross-chain information verification process, making it difficult to accurately pinpoint the exploited loophole. Until the technical reasons are thoroughly clarified, the scene of "contract compromise, network forced to halt" alone is enough to shake users' confidence in the cross-chain security of Verus.

Bounty Offer: Turning Hackers into White Hats?

After pausing the network and admitting that the cross-chain contract had been compromised, Verus's next step was not a hardline approach but publicly laying out conditions: if the attacker returns the stolen assets, the project team is willing to pay a bounty for the vulnerability. The statement strongly condemned the attack while also leaving an avenue for the attacker to exit with "white-hat" dignity. This seemingly contradictory stance is essentially a game—Verus uses the public bounty promise to tell the attacker: under the premise that on-chain funds are traceable and monetization channels are limited, continuing to hold onto 11.58 million USD worth of stolen goods may not necessarily be the most profitable decision; instead, turning "white hat" may be the option with the least long-term risk.

This "post-incident bounty to recover funds" path has been adopted multiple times in cross-chain bridges and DeFi attacks. The most recent typical case was the previous day's Adshares incident: according to PeckShield monitoring, the attacker finally returned 256 ETH to the project deployment address, accounting for approximately 86% of the stolen funds, and the outside world generally regarded it as a sample of combining negotiation and a bounty to mitigate losses. Because of this prior example, Verus chose to quickly propose a bounty, hoping to use the same script to pull their opponent from "black hat" back into a negotiable entity. However, as of now, there is no public information indicating that the Verus attacker has established communication with the project, nor has there been any return of funds to the chain. For the community, the bounty proposal somewhat alleviated emotions, proving that the team did not give up, but with funds not yet recovered and technical reasons still undisclosed, it feels more like a public bet on the rationality of the attacker, making it difficult to truly restore external confidence in Verus's cross-chain security.

The Day Before, 86% Returned Becomes a Reference

Just a day before Verus was attacked, another cross-chain bridge provided a dramatically "precedent". On May 17, 2026, the Adshares cross-chain bridge experienced an attack, with preliminary losses estimated at around 628,000 USD; however, according to PeckShield monitoring, after the fact, the attacker returned 256 ETH to the Adshares project deployment address, about 86% of the stolen funds. Adshares subsequently viewed this returned fund as a result of "reconciliation" with the attacker, and the outside world commonly categorized it as a case of mitigating losses through negotiation and bounty strategies, while the project team did not elaborate further on pursuing responsibility from the attacker in public information.

Because Adshares's "refund for bounty" had just completed a closed-loop right before the Verus incident erupted, it was almost naturally used as a realistic reference for Verus's current negotiation strategy: one side faced the same vulnerability issue while being attacked, and the other had just stopped the bleeding by returning most of the funds, providing onlookers with a clear psychological sample—if someone returned 86% of the funds the previous day, then today the bounty conditions offered by Verus might also bring a similar return. From a broader perspective of cross-chain bridge teams, such precedents provide both a visible operational template, reinforcing expectations for "timely proposals for reconciliation and bounty conditions, attempting to recover assets on-chain," and also rapidly materializing market imaginations around negotiations after attacks. In future instances of cross-chain bridge attacks, the community and attackers will instinctively compare negotiation chips to cases like Adshares to gauge how much assets they can still recover.

Attacks Continue as Scams Emerge: Victims Targeted Again

While the public's focus shifted to whether "the attacker would learn from Adshares' refund," another attack path quietly unfolded: social engineering scams impersonating officials. Alongside the announcement of the cross-chain bridge theft, Verus unusually placed anti-fraud warnings front and center, clearly cautioning the community: anyone claiming to represent the Verus team or community in public channels, private messages, or other venues, and offering "compensation" or "refund plans," are scammers. The officials urged users not to interact with such accounts claiming to "assist with refunds" to avoid handing over the last line of defense before the assets have been recovered.

This is not an isolated phenomenon. Past DeFi and cross-chain security events have proven that once keywords like "hacked" and "compensation" rapidly spread in the community, a temporal gap occurs between the dissemination of attack information and user panic, and it is during this window that phishers and impersonating project teams concentrate their efforts—manufacturing "forms to register victim information," pretending to be "official airdrop compensation" links, and demanding authorization signatures under the guise of "refund assistance," typically surfacing en masse shortly after the incident occurs. For the average user, the self-protective bottom line in such scenarios is quite clear: any operations related to funds should only be conducted through known official public channels, and any "staff" proactively reaching out to add friends, send links, request wallet connections, or demand private keys or recovery phrases should be assumed as scammers, regardless of the terms like "compensation," "bounty," or "refund." During the phase when technical vulnerabilities have not been thoroughly clarified and the movement of funds remains unclear, maintaining this bottom line often determines whether a systemic incident evolves into an irreparable personal disaster.

After Frequent Breaches in Cross-Chain Bridges, Can We Still Trust Cross-Chain Transactions?

Bringing the timeline back to mid-May, Adshares was breached on the 17th, with some funds returned post-negotiation, and just the following day, the Verus cross-chain bridge suffered a loss of approximately 11.58 million USD due to security vulnerabilities. Since 2026, many similar incidents have been publicly reported, and these two are just the latest examples occurring in close succession. The essence of cross-chain bridges is to facilitate asset mapping and locking between different chains; once the contract is compromised, it often leads to substantial losses and prolonged service interruptions. With the increase in the size of assets on bridges and the complexity of systems, the quality of security audits, proactive contingency plans, and post-incident information disclosure and communication strategies are all under scrutiny. Continuing variables worth observing include whether the funds stolen from Verus can be partially recovered like those from Adshares, whether the project team can provide a technical review report that withstands verification by security institutions and the community, and whether this string of incidents will continue to erode user trust in cross-chain products. Until these key questions have clear answers and the structural risks of cross-chain bridges show verifiable declines, both users initiating cross-chain operations and project teams launching new cross-chain solutions must treat this as a high-risk segment, applying heightened vigilance and stricter security boundaries to every cross-chain signature.

Join our community, let's discuss, and become stronger together!
Official Telegram community: https://t.me/aicoincn
AiCoin Chinese Twitter: https://x.com/AiCoinzh
AiCoin on-chain: https://aicoin.com/hyperliquid
AiCoin exclusive Hyperliquid benefits: https://app.hyperliquid.xyz/join/AICOIN88
AiCoin exclusive Aster benefits: https://www.asterdex.com/zh-CN/referral/9C50e2

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。