Gravity Bridge Hit by Suspected Key Leak With About $5.4 Million Stolen
According to the protocol and blockchain investigators, Gravity Bridge halted operations after a suspected signing-key compromise led to about $5.4 million in losses, adding to a broader wave of 2026 DeFi and bridge exploits.
Gravity Bridge, a cross-chain protocol linking Ethereum and Cosmos, confirmed a security incident after roughly $5.4 million was stolen in what investigators described as a suspected signing-key compromise. The protocol told validators and orchestrators to halt operations while the bridge remained paused during the investigation. Reported stolen assets included about $4.3 million in USDC, 274 wrapped Ether worth roughly $553,000, $434,000 in USDT, and 14.16 PAXG worth about $64,000. PeckShield said part of the funds was laundered through ChangeNOW and Binance, while the attacker still held more than 2,100 Ether worth about $4.23 million. The incident adds to a growing list of 2026 DeFi and bridge attacks, with reporting citing TRM Labs data that identified April 2026 as the most hacked month in crypto history and referencing other major exploits including Kelp DAO and Drift Protocol.
- signing-key compromise: A security breach in which an attacker obtains cryptographic keys used to authorize transactions, enabling forged transfers or unauthorized access.
- wrapped Ether: A tokenized version of Ether that is designed to maintain ETH’s value while being usable in smart contracts and DeFi applications.
- PAXG: A gold-backed crypto token intended to represent ownership of physical gold on-chain.