- Gravity Bridge suffered a $5.4M loss after suspected key breach, security firms reported.
- Attackers quickly moved funds via exchanges, yet over $4M in ETH remains in their wallet.
- Cross-chain bridge hacks persist, adding to $328.6M losses across eight incidents in 2026.
Gravity Bridge has lost about $5.4 million after a suspected compromise of a signing key, according to security firm PeckShieldAlert. The attack hit the cross-chain bridge that connects Ethereum and the Cosmos ecosystem, allowing the attacker to drain several digital assets and quickly move part of the funds.
In a post on X, PeckShieldAlert said the stolen assets included $4.3 million in USDC, 274 ETH worth about $553,000, $434,000 in USDT, and roughly $64,000 in PAYG tokens. The attacker routed some of the funds through ChangeNow and Binance shortly after the theft. However, on-chain data shows the wallet still holds more than 2,100 ETH valued at about $4.2 million.
The breach adds to a growing list of attacks targeting cross-chain bridges, which remain one of the most attractive targets in decentralized finance because they hold large pools of locked assets.
Analysts Point to Possible Contract Key Compromise
Early findings from blockchain investigators point to a possible compromise of a Gravity Bridge contract key. On-chain analyst Specter said the breach appears to have enabled the theft of roughly $5.4 million from the protocol.
“It appears the @gravity_bridge bridge contract key may have been compromised, resulting in the theft of $5.4M,” Specter posted on X.
Specter also identified two wallet addresses linked to the incident and said the attacker began moving funds almost immediately after the theft. “The attacker immediately began laundering the stolen funds after the theft,” he wrote. Despite those transfers, blockchain data shows the primary address still holds more than $4 million worth of cryptocurrency.
Cyvers Alerts reported similar findings. The blockchain security firm detected a series of suspicious transactions tied to Gravity Bridge and estimated losses at about $5.4 million. According to Cyvers, the attacker converted the stolen assets into ETH before routing part of the funds through ChangeNow, a move often used to complicate the tracking of stolen cryptocurrency.
Related: Circle Freezes $12.6 Million in Confidential USDC, Impacting Zama Users, Says ZachXBT
Bridge Exploits Continue Across DeFi
An attack on Gravity Bridge takes place amid an increasing trend of cyberattacks targeting cross-chain bridges, which are among the weakest links in DeFi. As per data from PeckShield, there have been eight bridge-related security incidents that led to nearly $328.6 million worth of losses this year alone.
The attacks have continued across several major projects. On May 18, hackers stole roughly $11.5 million from the Verus-Ethereum bridge after funding activity linked to Tornado Cash appeared ahead of the exploit. Earlier this year, separate incidents affected Drift Protocol and KelpDAO‘s LayerZero adapter, while attackers also targeted the Shibarium bridge.
Related: ZeroTier CEO Warns Quantum Threat Extends Beyond Bitcoin
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
