Gravity Bridge Exploit Results in $5.4M Loss Due to Contract Key Leak
Severity: High (Score: 66.0)
Sources: Cryptonews, coinfomania.com
Keywords: bridge, gravity, suspected, exploit, security, coinfomania, suffers
Summary
On May 30, 2026, Gravity Bridge suffered a suspected exploit that drained approximately $5.4 million in assets, including $4.3 million in USDC and 274 ETH. Analysts from Specter and PeckShield indicated that the breach was likely due to a compromised bridge contract key, allowing the attacker to withdraw funds rapidly. The stolen assets were primarily USDC, WETH, USDT, and PAYG tokens. The hacker has laundered some of the stolen funds through services like ChangeNow and Binance, while still holding about 2,102 ETH valued at approximately $4.23 million. Gravity Bridge has not yet issued an official statement regarding the incident. The exploit highlights vulnerabilities in cross-chain infrastructure, as such bridges often hold significant liquidity. Security researchers are actively monitoring the situation and tracing the stolen assets. The speed of the laundering activities complicates recovery efforts for investigators.

Key Points:
- Gravity Bridge lost approximately $5.4 million due to a contract key leak.
- The attacker targeted major cryptocurrencies, including USDC, WETH, and USDT.
- Security firms are tracing the stolen assets, with 2,102 ETH still held by the hacker.
Detailed Analysis
**Impact** Approximately $5.4 million was stolen from Gravity Bridge, affecting holders of USDC ($4.3M), ETH (274 ETH, ~$553K), USDT ($434K), and PAYG (~$64K). The exploit impacts cross-chain bridge users and liquidity pools primarily within the Cosmos and Ethereum ecosystems. The attacker retains 2,102 ETH (~$4.23M) in wallets under active monitoring. The incident may disrupt user trust and operational continuity for Gravity Bridge and related DeFi services.

**Technical Details** The attacker exploited a compromised critical contract key associated with Gravity Bridge’s operations, enabling unauthorized withdrawals. The attack targeted major stablecoins and wrapped tokens, including USDC, WETH, USDT, and PAYG. Funds were rapidly moved post-theft, with laundering activity observed through ChangeNow and Binance-linked addresses. Two attacker-controlled addresses were identified, with ongoing on-chain tracking of wallet activity. No specific malware, CVEs, or additional infrastructure details were disclosed.

**Recommended Response** Implement multi-signature controls and hardware-secured key storage to prevent single-point contract key compromises. Deploy continuous on-chain monitoring and alerting for unusual contract interactions and large asset movements. Block and track identified attacker addresses and associated laundering services such as ChangeNow and Binance-linked wallets. Gravity Bridge and similar projects should review and harden bridge security frameworks and operational procedures.
Source articles (2)
- Gravity Bridge Hit by Suspected $5.4M Exploit — Cryptonews · 2026-05-30
  Gravity Bridge is facing scrutiny after blockchain security researchers reported a suspected exploit that drained approximately $5.4 million from the cross-chain bridge on May 30. According to on-cha…
- coinfomania.com — coinfomania.com · 2026-05-30
  Gravity Bridge suffers a suspected $5.4M exploit on May 30, due to a contract key leak, prompting security firms to track stolen assets. Summary is AI generated, newsroom reviewed. On-chain analysts S…
Timeline
- 2026-05-30 — Gravity Bridge exploit reported: Gravity Bridge was drained of ~$5.4 million due to a suspected contract key leak, affecting major cryptocurrencies.
- 2026-05-30 — Security firms identify exploit method: On-chain analysts Specter and PeckShield reported that the exploit was likely due to a compromised bridge contract key.
- 2026-05-30 — Funds laundered through external services: The hacker began laundering stolen assets through ChangeNow and Binance shortly after the theft.
Related entities
- Data Breach (Attack Type)
- Binance (Company)
- ChangeNOW (Company)
- Gravity Bridge (Company)
- coinfomania.com (Domain)
- usdt.at (Domain)