A suspected signing key compromise has left Gravity Bridge facing losses of roughly $5.4 million, prompting the protocol to halt operations while investigators examine the attack.
Key Takeaways
- Gravity Bridge lost approximately $5.4 million in a security breach over the weekend.
- Investigators believe the exploit was likely caused by a compromised signing key rather than a flaw in the smart contract code.
- The protocol halted bridge operations and instructed validators and orchestrators to stop activity during the investigation.
- The incident adds to a growing list of DeFi and cross-chain bridge attacks seen throughout 2026.
What Happened?
Gravity Bridge, a decentralized protocol that connects the Ethereum and Cosmos ecosystems, suffered a major security breach that resulted in the theft of approximately $5.4 million in digital assets. Security researchers and on-chain investigators believe the attack may have been carried out through a compromised signing key, allowing the attacker to authorize withdrawals that appeared legitimate.
Following the discovery of the exploit, the Gravity Bridge team moved quickly to halt bridge operations and asked validators and orchestrators to stop running while investigations continue.
#PeckShieldAlert The @gravity_bridge has been drained of ~$5.4M, including $4.3M $USDC, 274 $ETH (~$553K), $434K $USDT & 14.164 $PAYG ($64K)
The hacker has laundered a portion of the stolen assets through #ChangeNow & #Binance, and is still holding 2.102K $ETH (~$4.23M).
— PeckShieldAlert (@PeckShieldAlert) May 30, 2026
Investigators Point to Signing Key Compromise
The incident was first highlighted by blockchain investigator Specter, who reported suspicious fund movements from Gravity Bridge and identified attacker addresses connected to the exploit. According to the investigator, the attack appears to stem from a signing key compromise, giving an unauthorized party privileged access to execute withdrawals from the protocol’s Ethereum-side contract.
A signing key compromise occurs when a cryptographic key used to authorize transactions is stolen or exposed. In such cases, attackers can generate transactions that appear valid to the protocol, making them difficult to distinguish from legitimate activity.
This distinction is significant because current findings suggest the exploit was not caused by a vulnerability in the bridge’s smart contract code. Instead, the attacker may have gained access to credentials that allowed transactions to be approved as if they originated from authorized participants.
Millions in Assets Drained
Blockchain security firm PeckShield reported that the stolen assets included:
- $4.3 million in USDC
- 274 WETH valued at approximately $553,000
- Around $434,000 in USDT
- 14.16 PAXG worth roughly $64,000
The total stolen amount reached approximately $5.4 million.
According to security researchers, portions of the stolen funds were moved through ChangeNOW and Binance, a step commonly associated with attempts to obscure transaction trails. The attacker also converted much of the stolen stablecoin holdings into Ether.
Despite these transfers, reports indicate that the primary wallet linked to the exploit still held more than 2,100 ETH, valued at roughly $4.23 million at the time of analysis.
Gravity Bridge Moves to Contain the Damage
The Gravity Bridge team acknowledged the security incident through social media and instructed validators and orchestrators to suspend operations immediately.
The protocol later confirmed that the bridge itself had been halted as a precautionary measure.
Thanks to the swift action of validators, the bridge is currently halted while investigations continue.
— Gravity Bridge (@gravity_bridge) May 30, 2026
The rapid response was aimed at preventing additional unauthorized transactions and preserving remaining assets while investigators determine the exact cause of the breach.
Why Gravity Bridge Matters
Gravity Bridge serves as an important interoperability layer between Ethereum and Cosmos-based networks. The protocol enables users to move assets such as USDC and other tokens between ecosystems, helping connect liquidity across different blockchain environments.
Unlike some bridge designs that rely on a limited group of operators, Gravity Bridge uses a broader validator network to authorize transfers. The system locks assets on Ethereum and creates corresponding representations on Cosmos, with validator signatures approving each transfer.
However, if a signing key is compromised, the protocol may treat fraudulent transactions as legitimate, creating a significant security risk despite its decentralized architecture.
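Because a withdrawal signed with a stolen key verifies like any other, detection has to come from outside the signature check. The sketch below is an added example, not Gravity Bridge's code: it reconciles Ethereum-side releases against Cosmos-side withdrawal requests and checks that locked balances still cover the minted supply. The record fields, identifiers and amounts are constructed assumptions.

```python
from collections import namedtuple

# Constructed record shapes; field names are assumptions, not Gravity Bridge's schema.
Request = namedtuple("Request", "req_id token recipient amount")      # Cosmos-side withdrawal
Release = namedtuple("Release", "tx token recipient amount req_id")   # Ethereum-side payout

def reconcile(requests, releases):
    """Flag Ethereum-side releases that no Cosmos-side request accounts for."""
    pending = {r.req_id: r for r in requests}
    alerts = []
    for rel in releases:
        req = pending.pop(rel.req_id, None)   # each request may be paid only once
        if req is None:
            alerts.append((rel.tx, "no matching request"))
        elif (req.token, req.recipient, req.amount) != (rel.token, rel.recipient, rel.amount):
            alerts.append((rel.tx, "differs from request"))
    return alerts

def backing_shortfall(locked, minted):
    """Per token, how far the locked Ethereum balance falls short of Cosmos supply."""
    return {t: minted[t] - locked.get(t, 0)
            for t in minted if locked.get(t, 0) < minted[t]}

# Constructed sample data (integer base units; addresses are placeholders).
REQUESTS = [
    Request(101, "USDC", "0xuser1", 2_500_000),
    Request(102, "WETH", "0xuser2", 3_000),
]
RELEASES = [
    Release("0xtx1", "USDC", "0xuser1", 2_500_000, 101),    # matches request 101
    Release("0xtx2", "WETH", "0xuser2", 3_000, 102),        # matches request 102
    Release("0xtx3", "USDC", "0xother", 900_000_000, 103),  # validly signed, no request
    Release("0xtx4", "USDC", "0xuser1", 2_500_000, 101),    # request 101 paid a second time
]
LOCKED = {"USDC": 100_000_000, "WETH": 50_000}
MINTED = {"USDC": 1_000_000_000, "WETH": 50_000}

if __name__ == "__main__":
    for tx, reason in reconcile(REQUESTS, RELEASES):
        print("ALERT", tx, reason)
    print("shortfall", backing_shortfall(LOCKED, MINTED))
```

Both checks depend only on data observable on the two chains, so they keep working when the signing path itself can no longer be trusted.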
Prior to the exploit, Gravity Bridge reportedly held approximately $11.5 million in total value locked, meaning the stolen funds represented a substantial portion of assets secured by the protocol.
Crypto Bridge Attacks Continue in 2026
The Gravity Bridge exploit is the latest example of ongoing security challenges facing the decentralized finance sector in 2026. Cross-chain bridges have remained a frequent target for attackers because they often control large pools of assets and depend heavily on key management systems.
Industry reports have pointed to a surge in crypto-related attacks this year, with several major incidents affecting decentralized protocols. Security experts have increasingly observed that many recent bridge breaches stem from compromised credentials and access controls rather than flaws in smart contract programming.
As investigations continue, the Gravity Bridge incident is likely to renew discussions around validator security, key management practices, and the risks associated with cross-chain infrastructure.
CoinLaw’s Takeaway
In my experience, this incident highlights a recurring problem in crypto security. Many protocols spend significant resources auditing smart contracts, but attacks increasingly target the people, systems, and keys that control access. If the suspected signing key compromise is confirmed, it would show that even well-designed infrastructure can be vulnerable when critical credentials fall into the wrong hands.
I found the fact that nearly half of Gravity Bridge’s reported total value locked was affected particularly concerning, as it underscores how damaging a single access control failure can be for a protocol and its users.