Gravity Bridge Halted After $5.4M Exploit

Gravity Bridge, a decentralized blockchain facilitating cross-chain transfers between Ethereum and Cosmos, was reportedly drained of roughly $5.4 million, prompting validators to halt the bridge.

Onchain analyst Specter first flagged the unusual outflows in a Saturday post on X, revealing that the bridge contract key may have been compromised. “It appears the Gravity Bridge contract key may have been compromised, resulting in the theft of $5.4M,” Specter wrote.

Security firm PeckShield also confirmed the exploit in a post, breaking down the stolen assets as approximately $4.3 million in USDC (USDC), 274 Wrapped Ether (WETH) worth roughly $553,000, $434,000 in USDt (USDT) and 14.164 PAX Gold (PAXG) tokens worth about $64,000.

Source: PeckShield

PeckShield reported that a portion of the haul had already been laundered through instant-swap service ChangeNow and through Binance, while the theft wallet was still holding around 2,102 ETH worth approximately $4.23 million at the time of its report.

Related: StakeDAO exploit creates 5.4 trillion vsdCRV but nets only $91K

Gravity Bridge acknowledges attack

Gravity Bridge acknowledged the incident on X without detailing what went wrong. “There was an unfortunate incident on Gravity,” the team wrote, adding that validators “should halt their validators and orchestrators while this incident is being investigated.” In a follow-up post, the team confirmed the bridge had been halted.

Gravity Bridge allows tokens to move freely in both directions, from Ethereum to Cosmos wallets and DEXs like Osmosis, and from Cosmos-based blockchains back to Ethereum platforms like Uniswap. Unlike bridges that rely on centralized multi-signatures or private node groups, it uses its full validator set to authorize transfers, making it one of the more decentralized bridge designs in the space, according to its website.

Gravity Bridge’s native token is Graviton (GRAV), used by validators to secure the bridge. The token is currently trading at $0.0007053, down 4% over the past day, according to data from CoinMarketCap.

Related: ‘All DeFi unsafe’ claim sparks AI security debate after April hack surge

Bridge exploits are spooking institutions

As Cointelegraph reported, JPMorgan analysts have flagged bridge security as a major challenge in an April research note, questioning whether DeFi can scale to meet institutional demand. The concern comes amid the recent Versus-Ethereum bridge attack, which was the eighth major bridge exploit of 2026, with cumulative losses across those incidents reaching $328.6 million.

Following the KelpDAO breach in April, which drained roughly $290 million and was attributed to North Korea’s Lazarus Group, total value locked across DeFi fell from nearly $100 billion to around $86 billion in just two days, with outflows hitting pools that had no direct exposure to the compromised assets.