From a vision paper to a full realisation. $VRSC pave the way to decentralized and trustless bridge. #DeFi
don't be lurred, keep custody of your funds with the Verus-ETh bridge.
https://t.co/f33uPfgV7C
The returned Verus bridge funds have now been converted back into the original currencies for reintegration into the Verus network.
The Verus recovery address currently holds 1,194.86 ETH (73.51% recovered), 76.0321 tBTC (73.41% recovered), and 147,727.67 USDC (100% recovered as discussed in the community meetings).
One issue we noticed is that some DEX interfaces have blocked the Verus return/recovery address. This address is not the attacker’s wallet. It is the community recovery address holding community funds.
We ask @Uniswap (your compliance department has been notified, we are still waiting for a response) @1inch@blockaid_ to review and correct the classification of the Verus recovery address (0xF9AB28cB7b72B518e6a351FbdaBe69362cBC1A74).
We ask the community to help by tagging relevant DEX interfaces, wallets, block explorers, and tracking services below, so the Verus recovery address is correctly recognized across the ecosystem.
0xF9AB28cB7b72B518e6a351FbdaBe69362cBC1A74
From Discord:
We can confirm that 4052.4 ETH (around 75% of the stolen funds) have been returned to the funds return address by the bridge exploiter, and are now controlled by members of the Verus community. While we are hard at work on a plan to reintegrate those funds into the bridge and restore DeFi functionality, we would like to address a few key questions we have been seeing across public discussion and social media, invite everyone to participate in the community meeting taking place today at 19:00 UTC time [on Discord], discuss the plan going forward, and reflect a little on the events of the last few days.
Firstly, we would like to announce that we will be following our end of the publicly posted terms: we are ceasing any investigation we were previously conducting, and will not be pursuing the exploiters further or pressing charges. The 1350 ETH has been moved to another address by the exploiter, is a bounty and not viewed by us as stolen funds. To those asking how we came to the amount offered as the bounty, it was an amount that, along with the reduction of risk to them by considering this a bounty, we believed would be most likely to result in a return of funds. Out of respect for our end of the terms, we will not be engaging in discussion regarding the negotiation process.
Secondly, we need to acknowledge and learn from this experience as a community broadly, if we want a long and prosperous future for Verus as a project. Our success or challenges affect everyone in the community, and others indirectly through them. As mentioned in our breakdown of the exploit, it was both sophisticated and statistically fortunate. However, it was ultimately possible due to a chained together series of difficult to exploit software bugs, that on their own, could be considered minor. The few community developers that could have detected and fixed those issues before this event have been working, oftentimes as volunteers, tirelessly now for more than 8 years to bring the vision behind Verus to fruition. Although a small and appreciated number of core community members have listened and understood repeated attempts to sound the alarm about the need to fund development and continuous strengthening of a protocol as revolutionary as Verus, these discussions have often been overshadowed by marketing or other priorities first, even though the protocol, with unique capabilities and robustness, along with a breadth of core contributors make up the bedrock on which everything rests. Development donations even just to Valu's matching (Valu has offered to match up to 20k $ per month), a funded bug bounty program, or one or more extra pairs of skilled eyes developing on the Verus codebase may have enabled identifying and preventing this issue before it began, and would have cost a lot less than 3 million $. Although not exciting to hear or discuss, funding solid, sustainable development is as important as ever in the coming age of AI enabled exploits and quantum computing.
Finally, we would also like to mention that those looking to market or advertise themselves or their services (however well intentioned), whether that is auditing, investigation, etc. refrain from doing so in today's community meeting, and reach out to @lyonsnicholas1 ["Consilience" on Discord] directly instead. Today will be a chance to discuss how we plan to move forward from this event, and address any further questions regarding the incredibly stressful last few days. Although we can all breath a bit easier with the funds return having taken place, the hardest work to do to get Verus back on track is still ahead of us. Thank you all and we hope to see you here in the Verus Discord for today's community meeting at 19:00 UTC.
JUST IN: The Verus Bridge exploiter has returned 4,052 $ETH ($8.5M) after draining $11.58M from the protocol.
The returned funds represent 75% of the stolen assets, leaving 25%, or 1,350 $ETH ($2.8M), as a bounty, per PeckShield.
Seems like the Verus-Ethereum bridge hacker gave back the funds minus the proposed 1350 ETH bounty. Not a bad payday for them. Glad Verus can continue to build with most of the liquidity returned and intact. Onwards we go! @VerusCoin
#PeckShieldAlert The @veruscoin Bridge exploiter has returned 4,052.4 $ETH (~$8.5M) to the team address: 0xF9AB...C1A74.
The returned funds represent 75% of the stolen total, leaving a 25% bounty (1,350 $ETH, ~$2.8M) in the exploiter's wallet.
Well the @VerusCoin bridge hacker has returned the funds, minus the agreed bounty. 4052 ETH returned. He can enjoy the money in peace and the vulnerability has been exposed and will soon be fixed.
Wow I can’t lie that is a big move from Verus
Offering the hacker $2.8M if they return the $11M they took
A legal $2.8M I’d be shocked if they don’t take it
For what it is worth: I do believe Verus can overcome these circumstances. Looking back, I am confident this can become nothing more than a distraction
The mission still matters, and the people writing code in this ecosystem are strong enough to devise solutions
Nothing about the bridge hack shakes my confidence in the identity protocol, the encryption features, usefulness of blockchain as a sovereign personal database with authentication, or Verus PBaas more generally. It does shake my confidence even further in smart contracts
Verus will continue to have my time moving forward, and issues related to the Ethereum Bridge are actively being addressed by folks who aren’t me
The proposed solution is a unique one, and while I’m not sure which path will be taken - it looks like it will also be the first of its kind in terms of patch + exploit recovery
Anyone here or in DM (or anywhere) claiming to be part of the Verus team or community offering reimbursement is a scammer, DO NOT ENGAGE WITH PEOPLE OFFERING REIMBURSEMENT OR CLAIMING THERE IS A REIMBURSEMENT PROGRAM, AND REPORT THEM TO DISCORD or X accordingly.
I dedicated most of the last two years of my time, toward realizing Verus’s DREAM app encryption model
Because I truly believe it can be the backbone for a safer internet
This entailed: learning full stack mobile development, zcash-style note encryption, and zip32 key management for the first time
while upgrading a rust backend, SDKs for both mobile platforms, a golang layer for lightwalletd, integrating these seamlessly with an existing mobile app, forging upgrade paths where none existed, & preserving backwards compatibility
The end result also now gives us easily attainable upgrades paths to: orchard, HD transparent addresses, and some other key scope privacy improvements too
Zcash R&D team was very helpful, but even they admitted the sheer volume of differences was hard to elucidate clearly
We are finally there. I’m quite proud of the work, and now have tons of experience at all levels of stack
Take some time to watch Michael Toutonghi’s Keynote Presentation, where he explains very cogently why you, too, should care
There are many reasons that I chose to spend my time learning and implementing on Verus. All the claims made are - put simply - gloriously true
@gainzy222 Verus $VRSC D.R.E.A.M. apps
-Decentralized
-Rights-preserving
-Encrypted
-Application
-Model
A major one deploying will be a Social Media Network built from the ground up to leverage Verus unparalleled tech. Other game changers in the works too.
https://t.co/ceoqRLBq5D