Hassan Maishera
TL;DR
-
Cross-chain protocol Gravity Bridge was drained of about $5.4 million early Saturday.
-
Researchers suspect a compromised bridge signing key or keys rather than a flaw in the protocol’s code.
Cross-Chain Protocol Halts Operations Following Security Breach
Gravity Bridge, a cross-chain protocol connecting Ethereum and the Cosmos ecosystem, has suffered a security breach resulting in the loss of approximately $5.4 million in digital assets. The incident, which occurred early Saturday, is believed to have stemmed from compromised validator signing keys rather than a vulnerability in the bridge’s smart contract code.
The suspicious activity was initially identified by on-chain analyst Specter and later confirmed by blockchain security firm PeckShield. According to early findings, attackers may have gained access to the bridge’s signing infrastructure, enabling them to authorize and execute unauthorized withdrawals.
It appears the @gravity_bridge bridge contract key may have been compromised, resulting in the theft of $5.4M.
— Specter (@SpecterAnalyst) May 30, 2026
The attacker drained the following assets:
USDC: $4.3M
WETH: 274 ETH (~$553K)
USDT: $434K$PAYG: $64K
Theft addresses:
0x7B582033061b96cC3F9421e73a749ED7C62da1F9… pic.twitter.com/nX81rsZYGp
Millions Drained Across Multiple Assets
PeckShield’s analysis shows that the stolen assets included:
-
Approximately $4.3 million in USDC
-
274 wrapped ETH valued at around $553,000
-
Roughly $434,000 in USDT
-
14.16 PAXG tokens worth about $64,000
The funds were reportedly transferred to a wallet address ending in 7C62da1F9. Specter identified the affected contract as one ending in 1F2D906.
Following the discovery of the exploit, the Gravity Bridge team acknowledged the incident in a statement shared on X.
“There was an unfortunate incident on Gravity,” the team wrote, urging validators to immediately halt their validators and orchestrators while investigations were underway.
In a subsequent update, the project confirmed that bridge operations had been suspended as security teams worked to determine the cause and extent of the breach.
The attacker began transferring the stolen assets shortly after the exploit occurred. According to PeckShield, portions of the funds have already been routed through the instant-swap platform ChangeNow and cryptocurrency exchange Binance in an apparent effort to launder the proceeds.
At the time of reporting, the attacker-controlled wallet was still holding approximately 2,100 ETH worth around $4.23 million. Separate data shared by Specter through Arkham Intelligence showed a related wallet containing roughly $4.16 million in ether.
Suspected Compromise of Validator Authorization Layer
Gravity Bridge facilitates asset transfers by locking tokens on Ethereum and minting corresponding representations of those assets within the Cosmos ecosystem. Validator signatures are required to authorize withdrawals and transfers between networks.
Security researchers believe the exploit likely occurred at this authorization layer. If an attacker gains control of enough validator signing keys, fraudulent withdrawals can be processed as legitimate transactions by the system.
This scenario aligns with early assessments that the breach was not caused by a flaw in the bridge’s smart contract code but rather by compromised credentials used to validate transfers.
If confirmed, the Gravity Bridge exploit would join a growing list of bridge attacks in 2026 that have been linked to key management failures rather than coding vulnerabilities.
Similar patterns emerged in the exploits affecting Kelp DAO and Resolv earlier this year, where attackers targeted authorization mechanisms despite the underlying smart contracts having undergone audits.
Verus Ethereum also faced an exploit that targeted its Ethereum bridge, with attackers draining roughly $11.58 million in crypto assets.
Although the $5.4 million loss is relatively small compared to some of the industry's largest bridge exploits, the incident adds to a surge in crypto-related security breaches throughout 2026.
According to blockchain analytics firm TRM Labs, April became the most active month for hacks on record, with bridge protocols remaining one of the most attractive targets for attackers. The sector has experienced numerous high-profile incidents over the years, including the $190 million Nomad exploit in 2022 and the $81.5 million Orbit Bridge hack in 2024.
Investigation Ongoing
Gravity Bridge, developed with contributions from the Althea team and secured by its native GRAV token, has not yet published a detailed postmortem explaining how the breach occurred.
As investigations continue, the exact attack vector remains unconfirmed, and representatives from Gravity Bridge and Althea have yet to provide additional public comments regarding the incident.
