Gravity Bridge suffered a suspected $5.4 million breach after security firms flagged unusual withdrawals from the Ethereum-Cosmos bridge. The Gravity Bridge exploit consisted of USDC, ETH, USDT, and PAYG. Initial results indicate a possible compromise of the contract key or the bridge signing.
According to on-chain tracker PeckShieldAlert, the attacker used centralized services to transfer a portion of the money. ChangeNow and Binance were spotted in the trail. Despite the initial moves, the attacker still had millions of Ethereum.
Also Read: Stake DAO Exploit: 5.4T vsdCRV Minted, Mainnet Funds Safe
Gravity Bridge Exploit Entry Point Remains Unclear
The researchers put the stolen assets at approximately $4.3 million in USDC. They also counted 274 ETH worth roughly $553,000 and about $434,000 in USDT. The other $64,000 in PAYG was associated with the Gravity Bridge exploit.
A couple of Ethereum addresses were associated with this suspicious activity. Researchers identified them as 0x7B..a1F9 and 0x4d..7A47. A full postmortem of the incident has not been released by Gravity Bridge.
That delay leaves the exact entry point unclear. Initial data indicate that the leak could be signing or authorization controls. Analysts have not described it as a typical user-level attack.
Security analyst Specter said the attacker probably exploited a compromised key for the bridge contract or signing path. Soon after the breach, money started flowing. He held a significant number of major stablecoins and ETH.
Analysts noted that the attacker still had over $4 million in ETH after some laundering. The transaction pattern led to an inquiry regarding the procedure for withdrawal approval. It also stated that the Gravity Bridge exploit might have relied on seemingly legitimate requests to the bridge.
Investigators Review Bridge Signing Controls
Gravity Bridge is a bridge for connecting Ethereum and the Cosmos ecosystem. It’s a platform that locks assets on Ethereum and mints equivalent tokens on Cosmos chains. The move between these networks will need validators’ signatures.
That system can generate risk in the event of exposure to signing keys or approval systems. If the approval information is compromised, unauthorized withdrawals may go through the bridge. Investigators are now looking into if the weakness in the Gravity Bridge exploit was from that authorization layer.
Stake DAO is also hit by an exploit that resulted in the minting of tokens on Arbitrum without authorization. It added that funds on its main network were safe. Nonetheless, the case brought new concerns about risks associated with outside network integrations.
Two more bridge attacks were reported, one on MAP Protocol and another on ButterNetwork. This incident enabled the attacker to mint almost one quadrillion MAPO tokens. Weak message verification enabled invalid transaction data to pass security checks, said Blockaid.
By May 18, 2026, data from PeckShield revealed that at least eight significant cross-chain bridge exploits were detected. Those incidents resulted in estimated losses of approximately $328.6 million. Another such case has been added by the Gravity Bridge exploit.
Gravity Bridge users are still waiting for a final technical report. The team has yet to confirm if keys, validators, or contracts were involved. Until then, the Gravity Bridge exploit remains under investigation.
Also Read: CFTC Approves Kalshi BTCPERP Bitcoin Perpetual Futures Contract
