Gravity Bridge Hack Drains $5.4 Million as Investigators Suspect Compromised Signing Keys

Gravity Bridge, a cross chain protocol connecting Ethereum and the Cosmos ecosystem, has suffered a security breach that resulted in the loss of approximately $5.4 million in digital assets.

Blockchain security researchers believe the attack was likely caused by compromised bridge signing keys rather than a vulnerability in the protocol’s smart contracts. The suspicious transactions were first identified by onchain analyst Specter and later confirmed by security firm PeckShield.

According to investigators, the stolen assets included about $4.3 million in USDC, 274 wrapped Ether valued at roughly $553,000, $434,000 in Tether and 14.16 PAXG tokens worth around $64,000.

Compromised Keys Suspected in Bridge Attack

Researchers said the attacker may have gained access to the signing keys used to authorize transfers between Ethereum and Cosmos. If enough valid keys are compromised, unauthorized withdrawals can appear legitimate within the system.

Gravity Bridge acknowledged the incident and instructed validators to halt validators and orchestrators while the investigation continues. The bridge has been temporarily suspended as a precaution.

Stolen Funds Moved Through Crypto Services

Security researchers reported that part of the stolen funds was transferred through ChangeNow and Binance shortly after the attack. PeckShield said the attacker was still holding around 2,100 ETH, valued at approximately $4.23 million, at the time of its analysis.

The incident adds to a growing number of bridge-related attacks in 2026, a year marked by rising crypto thefts and security breaches. Recent cases have shown that compromised credentials and key management failures are increasingly becoming a larger threat than flaws in smart contract code itself.