A Cosmos-based cross-chain protocol Gravity Bridge suffered a security breach early Saturday that drained about $5.4 million in crypto assets, prompting the team to halt the bridge while an investigation is under way, according to blockchain security analysts.
What happened
Blockchain sleuth Specter first flagged the suspicious outflows, which were later confirmed by security firm PeckShield. The unauthorized withdrawals were linked to a wallet ending in 7C62da1F9.
The stolen funds included:
- roughly $4.3 million in USDC
- 274 wrapped ether (about $553,000)
- around $434,000 in tether (USDT)
- 14.16 PAXG tokens worth about $64,000
PeckShield’s on-chain data shows the attacker began moving the assets almost immediately after the breach. Part of the haul was routed through instant-swap service ChangeNow and Binance, while about 2,100 ETH — valued near $4.23 million — remains parked in the attacker’s wallet.
Suspected attack vector
Preliminary analysis points to compromised validator signing keys, rather than a bug in the underlying smart contracts.
Gravity Bridge works by locking assets on Ethereum and minting corresponding tokens on Cosmos-based chains. Each cross-chain transfer needs signatures from validators. Researchers say that if enough validator keys are exposed, an attacker can generate fraudulent withdrawals that appear valid to the system.
In this incident, analysts believe the attacker exploited that operational weakness, forging approvals that allowed them to drain funds without triggering standard safeguards.
Project response
The Gravity Bridge team acknowledged what it called an “incident” and advised validators to halt operations. Developers said the bridge has been fully paused while they work to locate the breach and understand the exact mechanism used.
As of now, no detailed postmortem or formal public report has been released, and the project has not confirmed how many validator keys were affected or how they were compromised.
Part of a broader trend
If confirmed as a key-compromise event, the Gravity Bridge exploit would add to a growing series of bridge-related thefts this year in which attackers target off-chain key management and operational security instead of smart contract logic.
Similar exposures have been highlighted in recent attacks on other decentralized protocols, including cases involving Kelp DAO, Resolv, and the roughly $11.5 million Verus-Ethereum bridge exploit.
Rising losses from bridge hacks
While the $5.4 million loss is modest compared with the largest exploits of the year, it underscores the continuing risk around cross-chain infrastructure in 2026.
PeckShield data indicates that by mid-May 2026, eight major cross-chain bridge attacks had already caused around $328.6 million in losses. TRM Labs and other analytics firms have noted that bridge platforms remain among the most lucrative targets for cybercriminals, contributing heavily to an industry-wide theft total measured in the billions.
Outlook
Gravity Bridge, developed with contributions from the Althea team and powered by its native GRAV token, has not yet outlined a remediation plan, compensation approach, or changes to validator security procedures.
Until the project clarifies the root cause and adopts stronger controls around key management and validation, cross-chain activity through the bridge is expected to remain suspended, and traders are likely to treat related assets and routing paths with heightened caution.
To strengthen your defenses after bridge exploits like this, learn essential crypto safety practices every active trader should follow.
Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.
