TLDR
- Cross-chain protocol Gravity Bridge lost ~$5.4 million on Saturday in a suspected signing key compromise
- Stolen assets included $4.3M in USDC, wrapped ether, USDT, and PAXG tokens
- Attacker moved funds through ChangeNow and Binance; ~2,100 ETH (~$4.23M) still held in theft wallet
- Gravity Bridge halted operations and asked validators to stop while investigation continues
- Researchers link the breach to the authorization layer, not a flaw in smart contract code
Gravity Bridge, a cross-chain protocol connecting Ethereum and the Cosmos ecosystem, was drained of roughly $5.4 million early Saturday. Security researchers believe a compromised signing key — not a bug in the code — allowed the attack.
It appears the @gravity_bridge bridge contract key may have been compromised, resulting in the theft of $5.4M.
The attacker drained the following assets:
USDC: $4.3M
WETH: 274 ETH (~$553K)
USDT: $434K$PAYG: $64KTheft addresses:
0x7B582033061b96cC3F9421e73a749ED7C62da1F9… pic.twitter.com/nX81rsZYGp
— Specter (@SpecterAnalyst) May 30, 2026
On-chain analyst Specter first flagged the unusual withdrawals. Security firm PeckShield later confirmed the incident and published a breakdown of the stolen funds.
What Was Stolen
According to PeckShield, the attacker took approximately $4.3 million in USDC, 274 wrapped ether worth around $553,000, $434,000 in USDT, and 14.16 PAXG tokens worth about $64,000.
#PeckShieldAlert The @gravity_bridge has been drained of ~$5.4M, including $4.3M $USDC, 274 $ETH (~$553K), $434K $USDT & 14.164 $PAYG ($64K)
The hacker has laundered a portion of the stolen assets through #ChangeNow & #Binance, and is still holding 2.102K $ETH (~$4.23M). pic.twitter.com/NJSNqc0G78
— PeckShieldAlert (@PeckShieldAlert) May 30, 2026
The funds were moved to a wallet ending in 7C62da1F9. Specter identified the affected contract as an address ending in 1F2D906.
The attacker began moving funds almost immediately after the drain. PeckShield reported that a portion had already been laundered through instant-swap service ChangeNow and through Binance.
At the time of PeckShield’s report, the theft wallet still held around 2,100 ETH, worth approximately $4.23 million. A separate wallet snapshot shared by Specter showed a related address holding roughly $4.16 million in ether.
How Gravity Bridge Works
Gravity Bridge locks tokens on Ethereum and mints mirrored versions on Cosmos. Validator signatures authorize each transfer across the bridge.
Specter’s early assessment suggested that an attacker who controls enough valid signing keys can make unauthorized withdrawals appear legitimate to the system. This points to a failure at the authorization layer rather than in the contract logic itself.
The Gravity team posted on X confirming an “unfortunate incident” and asked validators and orchestrators to halt operations while it investigates. The bridge is currently paused.
No postmortem has been released. The exact entry point — whether through validator infrastructure, private keys, or another weakness — remains unconfirmed.
A Pattern in 2026 Bridge Attacks
If the signing key theory is confirmed, the Gravity Bridge incident follows a pattern seen in other 2026 bridge attacks. Similar key-management failures appeared in the Kelp DAO and Resolv exploits earlier this year.
TRM Labs has reported that bridge attacks remain a major source of crypto losses in 2026. April was the most-hacked month on record.
At $5.4 million, this loss is smaller than some past bridge breaches. The $190 million Nomad exploit in 2022 and the $81.5 million Orbit Bridge hack in 2024 remain among the largest in the category.
Gravity Bridge was built with contributions from the Althea team and is secured by its native Graviton (GRAV) token. The team has not said when the bridge will reopen or provided further detail on the investigation.
