Gravity Bridge in Cosmos Ecosystem Suffers $5.4 Million Theft Due to Key Leak
Severity: High (Score: 66.0)
Sources: Chaincatcher, Panewslab
Published: · Updated:
Keywords: bridge, cosmos, gravity, being, attacked, ecosystem, cross-chain
Severity indicators: shut down
Summary
The Gravity Bridge, a cross-chain bridge in the Cosmos ecosystem, has been attacked following the leakage of its signing keys. Approximately $5.4 million in assets were stolen as a result. The official team confirmed the security incident and has suspended bridge services for an investigation. Validators have been requested to halt the operation of validation nodes and coordinators. The incident highlights vulnerabilities in the management of signing keys within blockchain infrastructure. The exact method of the attack remains under investigation, but the compromise of contract keys is suspected. The situation is ongoing, with further updates expected as the investigation progresses. Key Points: • Gravity Bridge lost approximately $5.4 million due to a signing key leak. • The official team has suspended bridge services and requested validators to stop operations. • Investigation into the incident is currently underway to determine the full scope of the attack.
Detailed Analysis
**Impact** Approximately $5.4 million in assets were stolen from the Gravity Bridge, a cross-chain bridge within the Cosmos ecosystem. The incident affects users and validators operating on this bridge, impacting cross-chain transactions and asset transfers. Bridge services have been suspended, disrupting normal operations and affecting the broader Cosmos network participants relying on this infrastructure. No specific geographic or sectoral data beyond the Cosmos ecosystem is provided. **Technical Details** The attack exploited leaked signing keys, specifically the contract or signature keys used to authorize transactions on the bridge. This key compromise allowed unauthorized asset transfers, indicating a breach at the cryptographic key management stage of the kill chain. No malware, CVEs, or additional infrastructure details are mentioned. Indicators of compromise (IOCs) are not provided in the available information. **Recommended Response** Immediately suspend all bridge services and validator node operations, as already initiated by the Gravity Bridge team. Conduct a thorough audit of key management practices and rotate all compromised keys before resuming operations. Monitor for unauthorized transactions and suspicious validator activity related to the bridge. No specific patches or detection signatures are available; defenders should focus on key security and transaction anomaly detection.
Source articles (2)
- Cosmos ecosystem cross — Chaincatcher · 2026-05-31
The Cosmos ecosystem cross-chain bridge Gravity Bridge is suspected to have been attacked due to the leakage of its signing keys, resulting in approximately $5.4 million in assets being stolen. The of… - Cosmos's Gravity Bridge announced it would shut down after being attacked. — Panewslab · 2026-05-31
PANews reported on May 31 that the Cosmos ecosystem cross-chain bridge Gravity Bridge was previously suspected of being attacked due to a leaked signature key, resulting in the theft of approximately…
Timeline
- 2026-05-31 — Gravity Bridge attack confirmed: The Gravity Bridge was confirmed to have been attacked, leading to the theft of $5.4 million in assets.
- 2026-05-31 — Bridge services suspended: The official team suspended all bridging services to investigate the security incident.
- 2026-05-31 — Validators requested to halt operations: Validators were asked to suspend the operation of validation nodes and coordinators as part of the response to the attack.
Related entities
- Data Breach (Attack Type)
- Gravity Bridge (Company)