Gravity Bridge, a critical cross-chain infrastructure protocol connecting Ethereum to the Cosmos ecosystem, has suffered a suspected $5.4 million exploit. Blockchain security firms flagged unusual withdrawals linked to a possible contract key compromise, showing large outflows of USDC, ETH, USDT, and PAYG tokens.
On-chain tracking indicates that the attacker then moved part of the funds through centralized platforms, including ChangeNow and Binance, while retaining millions in Ethereum. The activity points to a potential breach in the bridge’s authorization system.
An earlier breakdown shows the stolen assets as about $4.3 million in USDC, 274 ETH worth roughly $553,000, $434,000 in USDT, and $64,000 in PAYG. Additionally, researchers linked two Ethereum addresses, 0x7B..a1F9 and 0x4d..7A47, to the attack. Gravity Bridge has not released a full postmortem yet, which leaves the exact entry point unclear. However, early evidence suggests a compromise in signing or authorization rather than a typical user-level exploit.
Key compromise suspected in bridge attack
Security analyst Specter said the attacker likely gained access through a compromised bridge contract key or signing path. He added that the attacker began moving funds immediately after the exploit. “The attacker drained the following assets,” Specter reported, listing major stablecoins and ETH involved in the breach.
Additionally, analysts said the attacker still held more than $4 million in ETH after partial laundering. This suggests the transactions used valid-looking approvals rather than a direct smart contract bug. Investigators now suspect a compromise at the authorization or validator level rather than a protocol-level coding flaw.
Gravity Bridge connects Ethereum and the Cosmos chain by staking Ethereum tokens on Ethereum and minting mirror tokens on Cosmos chains. It relies on validator signatures to validate transactions. An attacker who obtains the signing keys can therefore submit unauthorized withdrawals.
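The point above, that valid validator signatures do not prove a withdrawal is legitimate once signing keys are compromised, can be shown with a small monitoring model. This is an added example, not Gravity Bridge's code: the validator names, voting powers, 67-of-100 quorum and nonce-matched burn records are assumptions, and signature verification is taken as already done.

```python
from dataclasses import dataclass

# Constructed sample data: validator names, powers and events are hypothetical.
POWERS = {"val-a": 40, "val-b": 35, "val-c": 25}
THRESHOLD = 67  # assumed quorum: more than two thirds of total power (100)

@dataclass(frozen=True)
class Withdrawal:       # release of tokens observed on the Ethereum side
    nonce: int
    token: str
    amount: int
    signers: frozenset  # validators whose signatures verified

@dataclass(frozen=True)
class Burn:             # burn of mirror tokens observed on the Cosmos side
    nonce: int
    token: str
    amount: int

def quorum_met(w, powers=POWERS, threshold=THRESHOLD):
    """Signature check only: enough validator power signed the withdrawal."""
    return sum(powers.get(s, 0) for s in w.signers) >= threshold

def unbacked(withdrawals, burns):
    """Withdrawals that pass quorum but have no identical Cosmos-side burn."""
    backed = {(b.nonce, b.token, b.amount) for b in burns}
    return [w for w in withdrawals
            if quorum_met(w) and (w.nonce, w.token, w.amount) not in backed]

BURNS = [Burn(1, "USDC", 500), Burn(2, "USDT", 120)]
WITHDRAWALS = [
    Withdrawal(1, "USDC", 500, frozenset({"val-a", "val-b"})),
    # 40 + 25 = 65 power: below quorum, so the signature check rejects it.
    Withdrawal(2, "USDT", 120, frozenset({"val-a", "val-c"})),
    # Signed by the full validator set, but nothing was burned on Cosmos:
    # the signature check passes, only reconciliation flags it.
    Withdrawal(3, "USDC", 900_000, frozenset({"val-a", "val-b", "val-c"})),
]

if __name__ == "__main__":
    for w in unbacked(WITHDRAWALS, BURNS):
        print(f"ALERT nonce={w.nonce} {w.amount} {w.token}: signed but unbacked")
```

Reconciling releases against source-chain events is an independent control: it still fires when every signature on the withdrawal is cryptographically valid.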
Cross-chain bridge security under pressure
Cross-chain infrastructure has faced repeated security incidents this year, with multiple protocols reporting losses linked to private key compromises and message verification flaws. Gravity Bridge joins a growing list of affected projects as similar exploits continue across decentralized finance systems.
Recent security breaches have added to concerns about vulnerabilities in cross-chain infrastructure. Earlier this month, Stake DAO disclosed an exploit involving unauthorized token minting on the Arbitrum network, although the platform said funds on its main network remained secure.
Separately, MAP Protocol and ButterNetwork reported a bridge attack that enabled an attacker to create nearly one quadrillion MAPO tokens. Blockchain security firm Blockaid said the exploit stemmed from flaws in the bridge’s message verification process. According to the firm, attackers manipulated transaction data in a way that allowed invalid messages to pass security checks and trigger unauthorized token creation.
The incidents come amid a broader rise in bridge-related attacks across the crypto sector. Data compiled by PeckShield showed that at least eight major cross-chain bridge exploits had been recorded by May 18, 2026, resulting in estimated losses of about $328.6 million.
