Gravity Bridge Suspends Operations Following $5.4M Security Breach on Cosmos Network
Following a suspected compromise of signing keys that resulted in approximately $5.4 million being drained, Gravity Bridge validators have suspended bridge operations pending a thorough investigation.
A decentralized blockchain bridge known as Gravity Bridge, which enables cross-chain token transfers between the Ethereum and Cosmos ecosystems, has reportedly suffered a security breach resulting in the loss of approximately $5.4 million, leading validators to immediately suspend bridge operations.
The suspicious outflows were initially detected by onchain analyst Specter, who published findings in a Saturday update on X, indicating that the bridge's contract key had potentially been compromised. "It appears the Gravity Bridge contract key may have been compromised, resulting in the theft of $5.4M," Specter wrote.
The security breach was independently verified by cybersecurity firm PeckShield through a separate post, which provided a detailed breakdown of the compromised digital assets: approximately $4.3 million in USDC (USDC), 274 Wrapped Ether (WETH) valued at roughly $553,000, $434,000 in USDt (USDT) and 14.164 PAX Gold (PAXG) tokens worth about $64,000.
According to PeckShield's analysis, some of the stolen cryptocurrency had been laundered through the instant-swap service ChangeNow as well as through Binance, though the wallet associated with the theft continued to hold approximately 2,102 ETH valued at around $4.23 million at the time PeckShield released its findings.
Gravity Bridge acknowledges attack
The Gravity Bridge team publicly acknowledged the security incident via X but refrained from providing specific details regarding the nature of the vulnerability. "There was an unfortunate incident on Gravity," the team wrote, adding that validators "should halt their validators and orchestrators while this incident is being investigated." A subsequent post from the team confirmed that bridge operations had been successfully halted.
The Gravity Bridge protocol enables seamless bidirectional token movement from Ethereum to Cosmos wallets and decentralized exchanges such as Osmosis, as well as transfers from Cosmos-based blockchains back to Ethereum platforms including Uniswap. Distinguishing itself from bridges that depend on centralized multi-signature schemes or private node groups, the protocol leverages its complete validator set to approve transfers, positioning it as among the more decentralized bridge architectures in the cryptocurrency ecosystem, according to its website.
The native token of Gravity Bridge is Graviton (GRAV), which validators utilize to help secure the bridge infrastructure. The token is currently trading at $0.0007053, down 4% over the past day, according to data from CoinMarketCap.
Bridge exploits are spooking institutions
As previously covered by Cointelegraph, financial analysts at JPMorgan have identified bridge security as a critical obstacle in an April research note, raising questions about whether DeFi infrastructure can successfully scale to accommodate institutional demand. This concern emerges in the wake of the recent Versus-Ethereum bridge attack, which marked the eighth major bridge exploit of 2026, with aggregate losses across those incidents totaling $328.6 million.
In the aftermath of the KelpDAO security breach in April, which resulted in the drainage of roughly $290 million and was attributed to North Korea's Lazarus Group, total value locked across DeFi plummeted from nearly $100 billion to around $86 billion in just two days, with capital outflows impacting pools that had no direct exposure to the compromised assets.