Attackers drained roughly $5.4 million from the Gravity Bridge Ethereum-side contract early on May 30. On-chain investigators point to a compromised signing key rather than a smart-contract flaw.
The exploit removed $4.3 million in USD Coin (USDC) and 274 ether (ETH) worth $553,000. PeckShield also recorded $434,000 in Tether (USDT) and PAYG tokens worth $64,000.
Inside the Gravity Bridge hack
The drain came from the bridge’s verified Ethereum contract, with privileged access enabling withdrawals that appeared authorized. On-chain analyst Specter flagged the incident first, listing two attacker addresses tied to the theft.
PeckShield said the hacker moved part of the proceeds through ChangeNow and Binance to obscure origins. Cyvers Alerts and other on-chain monitors confirmed the figures shortly after.
Follow us on X to get the latest news as it happens
The attacker swapped most stablecoins into ETH and now controls about 2,102 ETH worth roughly $4.23 million.
Bridges Remain Crypto’s Weakest Link
Gravity Bridge connects Ethereum to the Cosmos ecosystem through IBC, letting assets such as USDC move between chains. The bridge held roughly $11.5 million in total value locked before the drain.
Past cross-chain bridge attacks like Ronin and Poly Network exposed how concentrated keys become a single point of failure.
PeckShield previously tallied eight major bridge exploits totaling $328.6 million in May alone.
Earlier incidents include the Meter bridge hack and a broader pattern of validator key failures across the sector.
Stablecoin issuers can blacklist addresses in minutes. Funds routed through non-custodial services like ChangeNow are harder to retrieve.
The remaining ETH stash is fully traceable on Etherscan but can still be split, mixed, or bridged to other chains.
The Gravity Bridge team has not issued a public response.
The post Gravity Bridge Loses $5.4 Million in Suspected Signing Key Compromise appeared first on BeInCrypto.
