The decentralized finance (DeFi) ecosystem has suffered another major blow as Gravity Bridge, a key protocol linking Ethereum and Cosmos, was hit by a devastating security exploit. Validators rushed to halt the bridge after attackers managed to drain approximately $5.4 million in digital assets.
The incident, first flagged by on-chain analyst Specter, points to a suspected signing key compromise. This allowed the attacker to bypass standard security protocols and siphon off millions in stablecoins and blue-chip tokens directly from the bridge’s smart contracts.
“It appears the Gravity Bridge contract key may have been compromised, resulting in the theft of $5.4M.”
— Specter, On-chain Analyst
Breakdown of the Stolen Assets
Blockchain security firm PeckShield quickly verified the attack, providing a detailed breakdown of the stolen funds. The hacker successfully extracted a basket of diverse digital assets:
- USDC: $4.3 million
- Wrapped Ether (WETH): 274 tokens (valued at roughly $553,000)
- USDT: $434,000
- PAX Gold (PAXG): 14.16 tokens (valued at roughly $64,000)
According to security reports, the attacker wasted no time in laundering the proceeds. A portion of the stolen funds has already been routed through instant-swap services like ChangeNow and centralized exchanges like Binance. However, the primary hacker wallet still holds a significant portion of the loot, including over 2,102 ETH.
Validators Halt the Network
In response to the rapid outflow of funds, the Gravity Bridge team issued an urgent directive on social media, instructing validators to immediately halt their operations to prevent further damage.
“There was an unfortunate incident on Gravity. Validators should halt their validators and orchestrators while this incident is being investigated.”
— Gravity Bridge Core Team
Gravity Bridge is known for its highly decentralized architecture. Unlike traditional cross-chain bridges that rely on centralized multi-signature wallets or restricted private node groups, Gravity utilizes its entire validator set to secure and authorize transfers between Ethereum and Cosmos-based decentralized exchanges (DEXs) like Osmosis. This unique design makes the suspected key compromise particularly concerning for the wider DeFi community.
Following the news, the network’s native utility token, GRAV, experienced a sharp decline, dropping by over 4% to trade at $0.0007053.
The Growing Crisis of Bridge Security
This latest breach highlights a persistent vulnerability within the Web3 infrastructure. Cross-chain bridges have increasingly become the primary targets for sophisticated hacking groups. Earlier this year, major financial institutions like JPMorgan raised alarms regarding the viability of decentralized bridges for institutional-grade finance.
The Gravity Bridge exploit follows a string of high-profile security failures, including the KelpDAO breach, which saw $290 million drained in an attack linked to North Korea’s notorious Lazarus Group. As cumulative bridge losses continue to mount, developers are facing intense pressure to redesign cross-chain communication protocols from the ground up.
FAQ
What is Gravity Bridge?
Gravity Bridge is a decentralized protocol designed to facilitate secure, trustless transfers of digital assets between the Ethereum and Cosmos ecosystems.
How much was stolen in the Gravity Bridge exploit?
Approximately $5.4 million in various cryptocurrencies, including USDC, WETH, USDT, and PAXG, was drained during the attack.
How did the hackers exploit Gravity Bridge?
Initial on-chain investigations suggest the exploit was made possible due to a compromise of the bridge’s signing keys, allowing the attacker to authorize unauthorized withdrawals.
What happened to the GRAV token after the hack?
The native GRAV token fell by approximately 4% immediately following the announcement of the exploit and the subsequent halting of the bridge.
