Gravity Bridge Hack 2026 — $5M Exploit Analysis

Suspected signing key compromise drained $5.4M from Ethereum-Cosmos bridge

Details

Full Description

On May 30, 2026, Gravity Bridge, a cross-chain protocol connecting Ethereum and Cosmos, was drained of approximately $5.4 million in a suspected signing key compromise. Between 02:30 and 03:30 UTC, an attacker gained access to a bridge contract signing key and withdrew mixed assets: $4.3 million in USDC, 274 ETH (~$553K), $434K in USDT, and $64K in PAYG tokens. The bridge did not get tricked — it got impersonated. The attacker presented valid signed authorization, and the contract released the assets. Validators halted the bridge immediately after discovery.

Laundering Analysis

The attacker wasted no time moving proceeds. Portions were routed through ChangeNow (a non-custodial swap service) and Binance. As of reporting, the attacker still held approximately 2,102 ETH (~$4.23M), suggesting the bulk of stolen value remained on-chain and potentially traceable. The speed and spread of assets pointed to a compromised signing key rather than a logic bug.

Sources

Related Hacks

Back to Browse