Exploiter Sends Back Most Of The Stolen Funds
The Adshares bridge incident has shifted into recovery mode after PeckShield flagged a 256 ETH refund from the exploiter to the deployer address. The returned ETH was worth about $540,700 at the time of the alert and represented roughly 86% of the funds stolen from the May 17 attack.
The return sharply improves the recovery picture. The original incident was estimated at about $628,000, and 256 ETH now covers most of that amount. The remaining balance may be tied to a negotiated bounty or repayment terms, although Adshares has not confirmed that yet. The team still needs to clarify how the returned funds will be handled, whether any users or liquidity providers were affected, and whether the bridge is safe to use again.
The May 17 exploit centered on the Adshares bridge and wrapped ADS on Ethereum. Earlier reporting on the Adshares bridge exploit traced the suspected attack to fake wADS minting, after a bridge-minter externally owned account allegedly signed three wrapTo() calls tied to native-chain transaction IDs that did not exist. Those mint calls reportedly let the attacker create unbacked wrapped ADS, sell into available liquidity and exit into ETH and USDC.
Refund Does Not Yet Explain The Failure Path
The returned ETH reduces the damage, but the security questions remain focused on the bridge’s validation layer. A wrapped-asset bridge depends on a simple economic promise: tokens minted on one chain should be backed by valid lock, burn or reserve activity on another chain. If a bridge accepts invalid transaction references, signed messages or incomplete proofs, the destination chain can receive supply that is not backed by the native asset.
Adshares markets itself as a blockchain payment protocol for digital advertising, with ADS used across its adtech ecosystem and wrapped versions operating on other networks. In that model, bridge integrity is not a side detail. It protects the link between native ADS, wrapped ADS, liquidity pools and users who trade or hold the token outside the native environment.
Adshares had not published a detailed public postmortem identifying the exact failure path, affected contracts, final loss treatment or bridge-status changes at publication time. The size and speed of the return leave room for several possibilities, including a white-hat disclosure, a negotiated recovery, a bounty arrangement or a staged repayment. None of those scenarios has been confirmed publicly, so the strongest verified update remains the recovery movement itself: PeckShield tracked a major refund, while the technical explanation for how unbacked wADS was minted or moved still needs a project-level accounting.
Bridge Security Remains The Main Market Issue
The Adshares case is smaller than the largest bridge incidents, but the mechanics matter because fake minting attacks strike directly at wrapped-asset trust. Traders and liquidity providers do not only need to know whether funds were returned. They need to know whether the bridge was paused, patched, key access was rotated, liquidity was restored, affected pools were rebalanced and any remaining exposure was isolated.
The refund creates a better recovery picture without removing the operational risk. A cooperative return can limit losses quickly, especially if the actor is negotiating or acting under white-hat terms, but the same contracts, keys or validation workflow may remain risky until the project confirms what changed. Bridge users still need concrete updates on affected transactions, the returning wallet, any bounty or settlement terms, remaining balances and whether deposits, withdrawals or wrapping functions are safe to use again.
Be the first to comment