Gravity Bridge Loses $5.4M in Suspected Signing Key Breach 

Highlights:

• Gravity Bridge lost about $5.4 million in a suspected signing key breach.
• The attacker drained USDC, ETH, USDT, and PAYG from the bridge contract.
• Stolen funds moved through ChangeNow and Binance after conversion into ETH.

Gravity Bridge suffered a $5.4 million exploit today after an attacker drained assets from its Ethereum-side contract. Security monitors flagged the incident after large withdrawals moved out of the bridge, which connects Ethereum with Cosmos. Early findings pointed toward a suspected signing key or authorization breach. As a result, the case appears linked to privileged access rather than a standard smart contract flaw. 

Advertisement

The attacker took several assets from the contract during the drain. According to PeckShield, the stolen funds included about $4.3 million in USDC, 274 ETH worth roughly $553,000, and $434,000 in USDT. The wallet also removed 14,164 PAYG tokens valued at nearly $64,000. Moreover, analysts linked two Ethereum addresses to the movement, including 0x7B58…a1F9 and 0x4d3c…7A47.

The withdrawals appeared to come from the verified bridge contract, raising concern because the transactions looked authorized on-chain. The analysts therefore focused on a possible compromise in the signing route.

#PeckShieldAlert The @gravity_bridge has been drained of ~$5.4M, including $4.3M $USDC, 274 $ETH (~$553K), $434K $USDT & 14.164 $PAYG ($64K)

The hacker has laundered a portion of the stolen assets through #ChangeNow & #Binance, and is still holding 2.102K $ETH (~$4.23M). pic.twitter.com/NJSNqc0G78

— PeckShieldAlert (@PeckShieldAlert) May 30, 2026

Stolen Funds Move Through Exchanges

The attacker moved quickly after taking the assets. According to on-chain tracking, most stablecoins were swapped into ETH before the funds moved through laundering routes. Part of the haul went through ChangeNow and Binance. This movement suggested an effort to break the trail before investigators could react.

The exploiter still held about 2,102 ETH. That balance was worth roughly $4.23 million at the time of reporting. However, the funds remained visible on Ethereum, which allowed analysts to keep tracking the wallet. Moreover, exchange-linked transfers could face review if compliance teams identify the related addresses.

ChangeNow and Binance appeared in the fund movement reports after the attacker started routing proceeds. Swap services can help convert assets into a single token before further movement. Meanwhile, centralized platforms can create a harder tracing path once funds mix with wider liquidity. However, those platforms also give investigators a possible point for freezes or recovery requests.

Meanwhile, Gravity’s team has shared a statement on X about the incident. The team asked validators to halt validators and orchestrators during the investigation. This step aims to limit more damage while reviewers check the attack route.

There was an unfortunate incident on Gravity. Validators should halt their validators and orchestrators while this incident is being investigated.

— Gravity Bridge (@gravity_bridge) May 30, 2026

Bridge Hacks Keep Hitting DeFi Projects

The Gravity Bridge attack adds pressure to cross-chain infrastructure following several bridge incidents. Bridges, with their significant token pools on different networks, have remained major targets. Moreover, the attackers generally spot weak signing systems, gaps between validators, or faulty verification paths. This incident again shows how one control breach can drain major liquidity.

On May 18, the Verus-Ethereum bridge lost $11.5 million after a verification bypass exploit. The exploiter, however, returned 4,052.4 ETH worth $8.5M after being offered 1,350 ETH as a bounty. The case added to a wider run of bridge attacks across 2026. Meanwhile, PeckShield said that at least eight major bridge exploits had occurred by May 18, 2026. Those attacks reportedly have caused about $328.6 million in combined losses.

Advertisement