Gravity Bridge drained of $5.4M in signing-key compromise; validators halt operations

May 30, 2026, approx. 20:30–21:00 UTC — The Gravity Bridge Ethereum-Cosmos cross-chain bridge lost roughly $5.4 million on Saturday after on-chain analyst Specter (@SpecterAnalyst) flagged unusual withdrawals consistent with a signing-key compromise. Security firm PeckShield confirmed the incident and published a breakdown of the stolen assets. The Gravity Bridge team then halted operations and asked all validators and orchestrators to stop while the investigation continues.

The stolen funds comprised approximately $4.3 million in USDC, 274 wrapped ether valued at roughly $553,000, $434,000 in USDT, and 14.16 PAXG worth around $64,000. Funds moved to a wallet ending in 0x7B582033061b96cC3F9421e73a749ED7C62da1F9. Specter identified the affected contract as an address ending in 1F2D906. PeckShield later reported that about 2,100 ETH — valued near $4.23 million at the time of its update — remained in the attacker wallet, with the rest already routed through ChangeNow and Binance. An Arkham wallet snapshot shared by Specter showed a related address holding roughly $4.16 million in ether.

Specter's early assessment pointed to the authorization layer, not the contracts: "It appears the @gravity_bridge bridge contract key may have been compromised." Gravity Bridge connects Ethereum to the Cosmos ecosystem by locking assets on Ethereum and minting mirrored tokens on Cosmos; validator signatures authorize every cross-chain asset movement. An attacker who controls enough valid signing keys can make withdrawals appear legitimate to the system without touching audited contract code.

The Gravity team confirmed the incident on X and issued a public call to validators: "Validators should halt their validators and orchestrators while this incident is being investigated." A follow-up post confirmed the bridge itself had been halted. No postmortem has been published. Whether the compromise involved validator infrastructure, private keys, or an operational weakness remains unconfirmed.

The attack fits a pattern security researchers have flagged across 2026 bridge incidents. TRM Labs has reported that bridge attacks remain a major source of crypto losses this year, with key-management failures — rather than flaws in audited contract code — playing a central role in cases including Kelp DAO and Resolv.

Primary sources: @SpecterAnalyst, @gravity_bridge, crypto.news