Gravity Bridge halted after $5.4M exploit; validators pause
Cosmos-Ethereum bridge Gravity Bridge halted after a reported $5.4 million exploit, with validators pausing as attackers drained multiple tokens and about 2,100 ETH.
Gravity Bridge halted operations after a reported $5.4 million exploit, and validators paused activity while the incident is investigated. Attackers drained USDC, WETH, USDT, PAXG and roughly 2,100 ETH from the bridge contracts.
Onchain analyst Specter flagged unusual outflows on X and noted the bridge contract key may have been compromised: “It appears the Gravity Bridge contract key may have been compromised, resulting in the theft of $5.4M.” Security firm PeckShield confirmed an exploit and provided a breakdown of the stolen assets: about $4.3 million in USDC; 274 Wrapped Ether (WETH), worth roughly $553,000; $434,000 in USDT; and 14.164 PAX Gold (PAXG), valued at about $64,000.
PeckShield reported that some of the funds had already moved through the instant-swap service ChangeNow and through Binance. At the time of its analysis, the theft wallet still held about 2,102 ETH, which the firm valued at roughly $4.23 million.
Gravity Bridge posted on X, “There was an unfortunate incident on Gravity,” and instructed validators to “halt their validators and orchestrators while this incident is being investigated.” The team later confirmed the bridge had been halted while maintainers and validators examine what happened.
Gravity Bridge moves tokens between the Ethereum and Cosmos ecosystems, enabling transfers to Cosmos wallets and decentralized exchanges such as Osmosis, and back to Ethereum platforms like Uniswap. The bridge uses its full validator set to authorize transfers rather than a centralized multisignature arrangement. Its native token, Graviton (GRAV), is used by validators to secure the bridge; market data showed GRAV trading near $0.0007053, down about 4% over the past day.
At the time of the halt, project maintainers had not released a detailed post-mortem explaining how the breach occurred or whether the compromise was limited to a single key or vector. Validators and maintainers are coordinating to stop additional transfers and assess the scope of the loss while investigations continue.
The incident follows multiple high-value bridge attacks in 2026 that together caused losses in the hundreds of millions of dollars. Financial analysts have highlighted bridge security as a challenge for broader institutional use of decentralized finance.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
