Loading prices…
🩸BEARISH

Gravity Bridge Loses $5.4M in Suspected Key Compromise

Another 2026 bridge exploit — but this one isn't a smart-contract bug. Researchers say the attacker walked in through the authorization layer, the same weak seam hit in Kelp DAO and Resolv earlier…

Gravity Bridge, a cross-chain protocol that moves assets between Ethereum and the Cosmos ecosystem, was drained of roughly $5.4 million early Saturday after onchain analyst Specter first flagged unusual outflows. Security firm PeckShield corroborated the read, saying the bridge's signing keys appear to have been compromised — allowing the attacker to push through unauthorized withdrawals that the system treated as legitimate.

The stolen funds break down to about $4.3 million in USDC, 274 wrapped ether worth roughly $553,000, $434,000 in tether, and 14.16 PAXG tokens worth about $64,000, per PeckShield. The assets were routed to an address ending in 7C62da1F9, with the drained contract identified by Specter as one ending in 1F2D906. The Gravity Bridge team confirmed the incident on X and told validators to halt their nodes and orchestrators while it investigates. The bridge is currently halted.

Why it matters

If the key-compromise read holds, this sits in the same category as the Kelp DAO ($292M) and Resolv ($25M) exploits earlier in 2026 — audited contract logic was not the weak point. Bridges work by locking tokens on one chain and minting mirrored versions on another, with validator signatures authorizing each transfer; if an attacker obtains enough signing keys, the system treats forged withdrawals as legitimate. That mechanism is consistent with the researchers' early framing that the breach sits at the authorization layer rather than in the code.

The structural concern is that key management is a human-and-operations problem, not a code problem — and it doesn't show up in audits. April was already the most-hacked month on record, with TRM Labs tracking North Korea-linked actors at roughly 76% of 2026's crypto hack losses. Bridges have been one of the most lucrative targets in crypto since Nomad's $190M exploit in 2022 and Orbit Chain's $81.5M hack in 2024. Gravity Bridge has not yet released a postmortem, leaving the exact entry point unconfirmed.

Related tokens
$ETH

Frequently asked questions

  1. How was Gravity Bridge drained if the smart contract code wasn't the weak point?

    Researchers including Specter and PeckShield believe the bridge's signing keys were compromised, allowing the attacker to push through unauthorized withdrawals that the system treated as legitimate. Bridge validators authorize each transfer by signature; if enough keys leak, forged withdrawals look real.

  2. What was stolen in the Gravity Bridge exploit?

    PeckShield tallied roughly $4.3M in USDC, 274 wrapped ether worth about $553K, $434K in tether, and 14.16 PAXG tokens worth about $64K — totaling around $5.4M. Funds were routed to an address ending in 7C62da1F9.

  3. What did the Gravity Bridge team do after the exploit?

    The team confirmed the incident on X and instructed validators to halt their nodes and orchestrators while the attack is investigated. The bridge is currently paused; no postmortem has been released and the exact entry point remains unconfirmed.

  4. How does the Gravity Bridge hack compare to other 2026 bridge exploits?

    At $5.4M it's modest next to Kelp DAO's $292M loss earlier this year, but the root cause pattern matches: audited contract code wasn't the weak point in either case. The Resolv $25M exploit earlier in 2026 followed a similar authorization-layer read.

  5. Why are bridges such a frequent target for crypto hackers?

    Bridges lock large pools of assets on one chain and mint mirrored versions on another, with validator signatures authorizing each transfer — making them high-value honeypots. The category has been heavily exploited since Nomad's $190M drain in 2022 and Orbit Chain's $81.5M hack in 2024, and key-management failures…

Source attribution
Aggregated from TheBlock · Verified · Last refreshed 45d ago
Open original →