🚨 Gravity Bridge Drained $5.4M in Suspected Signing Key Compromise
- Gator

- 50 minutes ago
- 2 min read

Gravity Bridge — the cross-chain protocol connecting Ethereum to the Cosmos ecosystem — was drained of $5.4 million today after attackers exploited what blockchain security firms believe was a compromised signing key. This isn't a smart contract bug; it looks like someone got access to the keys that validate transactions across the bridge.
What Got Taken
PeckShield was first to flag the suspicious outflows. The breakdown: $4.3M in USDC, 274 ETH (~$553K), $434K in USDT, and $64K in PAYG tokens. Total haul: $5.4 million. Two Ethereum addresses linked to the attacker (0x7B..a1F9 and 0x4d..7A47) have already laundered a portion through ChangeNow and Binance — but the hacker is still sitting on roughly 2,102 ETH worth around $4.23M.
How Did They Pull It Off?
Gravity Bridge works by locking tokens on Ethereum and minting mirror versions on Cosmos chains, with validator signatures authorizing each transaction. If an attacker gains control of those signing keys, they don't need to break any code — they can just submit valid-looking withdrawal requests. That appears to be exactly what happened here. Analysts pointed to a breach at the authorization or validator level, not a typical exploit of a coding flaw.
"It appears the Gravity Bridge contract key may have been compromised, resulting in the theft of $5.4M." — Specter (@SpecterAnalyst)
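To make the point about the trust layer concrete, here is an added example (my own toy model, not Gravity Bridge's contract code) of a threshold-signed withdrawal release: HMAC-SHA256 stands in for validator ECDSA signatures, the validator set and the 2/3 power threshold are assumed, and a simple off-chain outflow monitor shows the kind of check that still fires when the signatures themselves are valid.

```python
import hashlib
import hmac

# Simplified model of a bridge release: validators sign a withdrawal batch and the
# on-chain contract accepts it once the signers exceed a voting-power threshold.
# HMAC-SHA256 stands in for ECDSA so this runs offline; the validator set, powers
# and threshold below are constructed for illustration, not taken from Gravity Bridge.
VALIDATORS = {
    "val-a": (b"key-a", 40),  # name -> (secret key, voting power)
    "val-b": (b"key-b", 35),
    "val-c": (b"key-c", 25),
}
THRESHOLD_PCT = 67  # assumed: a release needs more than 2/3 of total power

def batch_digest(dest: str, token: str, amount: int, nonce: int) -> bytes:
    """Hash of the withdrawal fields a validator commits to."""
    return hashlib.sha256(f"{dest}|{token}|{amount}|{nonce}".encode()).digest()

def sign(key: bytes, digest: bytes) -> bytes:
    """Stand-in for a validator signature over the batch digest."""
    return hmac.new(key, digest, hashlib.sha256).digest()

def verify_release(digest: bytes, sigs: dict):
    """Return (accepted, signed_power). The contract checks signatures, not intent:
    a signature made with a stolen key is indistinguishable from an honest one."""
    total = sum(power for _, power in VALIDATORS.values())
    signed = 0
    for name, sig in sigs.items():
        key, power = VALIDATORS[name]
        if hmac.compare_digest(sign(key, digest), sig):
            signed += power
    return signed * 100 > total * THRESHOLD_PCT, signed

def outflow_alert(amount: int, locked_total: int, max_pct: int = 10) -> bool:
    """Off-chain monitor: flag any single release moving more than max_pct of the
    locked balance. Valid signatures do not make an abnormal drain normal."""
    return amount * 100 > locked_total * max_pct

if __name__ == "__main__":
    # Constructed scenario: a $4.3M USDC release to an attacker-controlled address.
    d = batch_digest("0xATTACKER", "USDC", 4_300_000, nonce=1)
    one_key = {"val-a": sign(b"key-a", d)}                              # 40% power
    two_keys = {**one_key, "val-b": sign(b"key-b", d)}                  # 75% power
    print("one compromised key :", verify_release(d, one_key))         # rejected
    print("two compromised keys:", verify_release(d, two_keys))        # accepted
    print("outflow monitor     :", outflow_alert(4_300_000, 20_000_000))  # alert
```

The contract-side check passes as soon as enough compromised keys sign, so the monitor on release size relative to locked balance is the control that still has a chance to catch the drain in time.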
Why This Keeps Happening
Cross-chain bridges are the most attacked infrastructure in crypto — and the numbers back that up. PeckShield tracked eight major bridge exploits just through May 18, 2026, totaling roughly $328.6M in losses. This Gravity Bridge hit brings that figure higher still. Earlier this month, MAP Protocol and ButterNetwork lost funds through a message verification flaw that let attackers mint nearly one quadrillion MAPO tokens. Stake DAO also reported an unauthorized minting incident on Arbitrum. The pattern is consistent: attackers are targeting the trust layer — validator keys, signing paths, governance systems — not just vulnerable Solidity.
What's Next
Gravity Bridge has not released a full postmortem yet. The attacker still controls the majority of the stolen ETH, and funds continue to move through centralized exchanges. If Binance or ChangeNow flag the addresses in time, partial recovery is possible — but that window closes fast. Watch for an official incident report from the Gravity Bridge team and potential Cosmos governance action to freeze or blacklist the affected assets.