The returned Verus bridge funds have now been converted back into the original currencies for reintegration into the Verus network.
The Verus recovery address currently holds 1,194.86 ETH (73.51% recovered), 76.0321 tBTC (73.41% recovered), and 147,727.67 USDC (100% recovered as discussed in the community meetings).
One issue we noticed is that some DEX interfaces have blocked the Verus return/recovery address. This address is not the attacker’s wallet. It is the community recovery address holding community funds.
We ask @Uniswap (your compliance department has been notified, we are still waiting for a response) @1inch@blockaid_ to review and correct the classification of the Verus recovery address (0xF9AB28cB7b72B518e6a351FbdaBe69362cBC1A74).
We ask the community to help by tagging relevant DEX interfaces, wallets, block explorers, and tracking services below, so the Verus recovery address is correctly recognized across the ecosystem.
0xF9AB28cB7b72B518e6a351FbdaBe69362cBC1A74
@MastrXYZ Building out p2p tech to solve the problems we have with web2.
I made this with @VerusCoin where both the lender and borrower presign atomic transactions at the point of agreement and the borrower holds all the power to repay.
From Discord:
We can confirm that 4052.4 ETH (around 75% of the stolen funds) have been returned to the funds return address by the bridge exploiter, and are now controlled by members of the Verus community. While we are hard at work on a plan to reintegrate those funds into the bridge and restore DeFi functionality, we would like to address a few key questions we have been seeing across public discussion and social media, invite everyone to participate in the community meeting taking place today at 19:00 UTC time [on Discord], discuss the plan going forward, and reflect a little on the events of the last few days.
Firstly, we would like to announce that we will be following our end of the publicly posted terms: we are ceasing any investigation we were previously conducting, and will not be pursuing the exploiters further or pressing charges. The 1350 ETH has been moved to another address by the exploiter, is a bounty and not viewed by us as stolen funds. To those asking how we came to the amount offered as the bounty, it was an amount that, along with the reduction of risk to them by considering this a bounty, we believed would be most likely to result in a return of funds. Out of respect for our end of the terms, we will not be engaging in discussion regarding the negotiation process.
Secondly, we need to acknowledge and learn from this experience as a community broadly, if we want a long and prosperous future for Verus as a project. Our success or challenges affect everyone in the community, and others indirectly through them. As mentioned in our breakdown of the exploit, it was both sophisticated and statistically fortunate. However, it was ultimately possible due to a chained together series of difficult to exploit software bugs, that on their own, could be considered minor. The few community developers that could have detected and fixed those issues before this event have been working, oftentimes as volunteers, tirelessly now for more than 8 years to bring the vision behind Verus to fruition. Although a small and appreciated number of core community members have listened and understood repeated attempts to sound the alarm about the need to fund development and continuous strengthening of a protocol as revolutionary as Verus, these discussions have often been overshadowed by marketing or other priorities first, even though the protocol, with unique capabilities and robustness, along with a breadth of core contributors make up the bedrock on which everything rests. Development donations even just to Valu's matching (Valu has offered to match up to 20k $ per month), a funded bug bounty program, or one or more extra pairs of skilled eyes developing on the Verus codebase may have enabled identifying and preventing this issue before it began, and would have cost a lot less than 3 million $. Although not exciting to hear or discuss, funding solid, sustainable development is as important as ever in the coming age of AI enabled exploits and quantum computing.
Finally, we would also like to mention that those looking to market or advertise themselves or their services (however well intentioned), whether that is auditing, investigation, etc. refrain from doing so in today's community meeting, and reach out to @lyonsnicholas1 ["Consilience" on Discord] directly instead. Today will be a chance to discuss how we plan to move forward from this event, and address any further questions regarding the incredibly stressful last few days. Although we can all breath a bit easier with the funds return having taken place, the hardest work to do to get Verus back on track is still ahead of us. Thank you all and we hope to see you here in the Verus Discord for today's community meeting at 19:00 UTC.
@defi_alert_next It was definitely a little more sophisticated than that. Attack vectors are certainly becoming more advanced. Be careful out there https://t.co/e6onrdKFHh
Verus community update: The bridge exploit has taken a positive turn today. The attacker reportedly returned about $8.5M in ETH after a bounty agreement, and the team is continuing to work through recovery and next steps. Stay tuned for official updates as we rebuild stronger.
#verus #hacker #ethicalhacker #blockchain
JUST IN: The Verus Bridge exploiter has returned 4,052 $ETH ($8.5M) after draining $11.58M from the protocol.
The returned funds represent 75% of the stolen assets, leaving 25%, or 1,350 $ETH ($2.8M), as a bounty, per PeckShield.
Everyone knows that @VerusCoin bridge got hacked a few days ago.
I posted the discord message as a way to laugh at myself yesterday. Well it seems like we live in the right universe!
4052 ETH returned!
Prayers answered 🙏
The requested amount, within the deadline set by the Verus community, has been returned. The way this community came together in such a moment is extraordinary. We have remarkable and wonderful people from all over the world. $VRSC
https://t.co/Dzj8O8WIYy
To the Verus<->Ethereum Bridge Exploiter:
Members of the Verus community and its developers have discussed a set of terms, detailing the size of the bounty, obligations from your side and ours, and how the funds can be returned.
1. We have agreed that the bounty amount will be 1350 ETH. If you adhere to these terms, we will consider these 1350 ETH a reward for your exposing of a vulnerability, and we would publicly request to all interested parties that the 1350 ETH be considered your legitimate bounty.
2. If the funds are returned to the address 0xF9AB28cB7b72B518e6a351FbdaBe69362cBC1A74, minus 1350 ETH, meaning a total return of 4052.4 ETH within 24 hours after this post, Verus community members and developers, and everyone we currently know to be involved in investigating the event, will halt any existing investigations into you to the best of our ability, and we will not press charges or pursue extralegal consequences. We will consider the address that holds 1350, either as change or if still in the source as the bounty address.
If you return a total of 4052.4 ETH to the address 0xF9AB28cB7b72B518e6a351FbdaBe69362cBC1A74 within the 24 hours specified above, we will understand that as your agreement to these terms, and we will uphold our stated agreement to cease further investigation into you, not initiate new investigation of you, not press charges, and not seek additional consequences. We will also post a public acknowledgement, referencing the 1350 ETH and publicly state that we consider those funds to be your bounty. If further communication is required to come to an agreement, please refer to the following contact points, as mentioned in previous messages:
email: [email protected]
z-address on Verus (for encrypted memo communication): zs1wl6e6qe8z8n8t8jp4qxek5ey53t9xajzwxc75gj72wrcwuq6ha4mdg0v8p6z8wpkz2fhxrqlayc
For confirmation that this offer is coming from the Verus Community, you can see the same message posted on the Verus Discord, in the announcements channel.
I dedicated most of the last two years of my time, toward realizing Verus’s DREAM app encryption model
Because I truly believe it can be the backbone for a safer internet
This entailed: learning full stack mobile development, zcash-style note encryption, and zip32 key management for the first time
while upgrading a rust backend, SDKs for both mobile platforms, a golang layer for lightwalletd, integrating these seamlessly with an existing mobile app, forging upgrade paths where none existed, & preserving backwards compatibility
The end result also now gives us easily attainable upgrades paths to: orchard, HD transparent addresses, and some other key scope privacy improvements too
Zcash R&D team was very helpful, but even they admitted the sheer volume of differences was hard to elucidate clearly
We are finally there. I’m quite proud of the work, and now have tons of experience at all levels of stack
Take some time to watch Michael Toutonghi’s Keynote Presentation, where he explains very cogently why you, too, should care
There are many reasons that I chose to spend my time learning and implementing on Verus. All the claims made are - put simply - gloriously true
Just updated my VerusID middleware for @VerusCoin to include a extra lite mode, just calling a few APIs and 20 loc, and you can get verifiable onchain logins.
No need for the daemon, no need for an ID, always verifiable.
Want to mine $VRSC on a Raspberry Pi 5 but intimidated by the Linux command line? 🛑💻
We just dropped a full NO CODING guide to get your node synced and mining entirely through the GUI.
Check it out: 👇 https://t.co/NkZ05BDDvo
@VerusCoin@VerusCommunity#Verus#SBC #miningrig #cryptomining #veruscoin #RaspberryPi
@MikeToutonghi presentation on Verus DREAM apps from Paris Blockchain Week.
This is one of the most important advancements in decentralized systems that got overlooked because most were paying attention to the hacks on other protocols.
https://t.co/BHF4txW4QL
Junction41[DOT]io
Infrastructure for the agent economy. Being built on Verus and live on testnet now.
Few realize just how much better Verus is for the Agentic world, for both humans and AI, than any other system in existence.
Humans may not have understood the power of Verus yet, but the agents will get it before they do. When that momentum gets going the regret for passing on $VRSC sub $5.00 will be high. It’s coming🚀
$ZEC $BTC $ETH Hermes OpenClaw