.png){kind=logo}
Gravity Bridge suffered a major exploit that drained about $5.4 million in digital assets, according to blockchain security researchers. The cross-chain protocol halted bridge operations after the incident and told validators to stop their validators and orchestrators while investigators reviewed the breach.
On-chain analyst Specter first spotted unusual outflows from the protocol. Specter said the bridge’s contract key may have been compromised, which may have allowed an attacker to withdraw funds without authorization.
PeckShield later reported the stolen assets in more detail. The firm said the attacker took about $4.3 million in USDC, 274 Wrapped Ether worth about $553,000, around $434,000 in USDT, and 14.164 PAX Gold tokens worth about $64,000.
PeckShield said some of the stolen assets had already moved through ChangeNow and Binance. Those transfers may have formed part of efforts to move or obscure the stolen funds.
Even so, PeckShield said the primary theft wallet still held about 2,102 ETH, worth roughly $4.23 million at the time of the report. That remaining balance gave exchanges and compliance teams a chance to flag or freeze the funds.
Gravity Bridge later acknowledged the exploit on social media. The team asked validators to stop both validators and orchestrators while it investigated the incident.
Gravity Bridge connects the Ethereum and Cosmos ecosystems. It lets users move assets from Ethereum to Cosmos wallets and decentralized exchanges like Osmosis.
It also supports the reverse path. Users can move Cosmos-native assets back to Ethereum-based platforms, including decentralized exchanges like Uniswap.
Unlike bridge designs that rely on a small group of operators, Gravity Bridge uses a broader validator set to authorize transfers. The project describes that structure as one of the more decentralized bridge models in the blockchain sector.
Read More: North Korea's Crypto Hack Surge Put Drift and Kelp DAO in Focus
The exploit arrived during a month already marked by bridge attacks. On May 18, the Verus-Ethereum bridge lost $11.5 million after a verification bypass exploit, according to DefiLlama’s hacks database.
DefiLlama data also shows that bridges account for $3.2 billion of the $16.6 billion in total crypto value hacked historically. Gravity Bridge held about $6.2 million in total value locked at the time of reporting, so the drain removed most of the protocol’s remaining value.
For now, users have no official guidance beyond the halt. The incident left the remaining ETH in a known address, which may help exchanges monitor the funds as the investigation continues.
Gravity Bridge suffered a major exploit that drained about $5.4 million in USDC, WETH, USDT, and PAXG after a suspected contract key compromise. The team halted bridge operations and asked validators to stop activity as the investigation continues and the remaining funds are tracked.
