Gravity Bridge, a decentralized cross-chain bridge between Ethereum and Cosmos, suffered a $5.4 million exploit on Saturday after its bridge contract key was compromised. Onchain analyst Specter first flagged the incident, with PeckShield confirming the theft of assets including $4.3M in USDC, 274 WETH, $434K in USDT, and 14.164 PAXG. Some funds were laundered through ChangeNow and Binance, while the hacker's wallet still held 2,102 ETH ($4.23M) at reporting time. Gravity Bridge acknowledged the attack on X, instructing validators to halt. The bridge uses its full validator set to authorize transfers, distinguishing it from centralized alternatives. The exploit adds to growing institutional concerns over bridge security, as JPMorgan analysts recently highlighted bridge risks as a barrier to DeFi scaling. This is the eighth major bridge exploit of 2026, with cumulative losses reaching $328.6M. Gravity Bridge's native token GRAV dropped 4% following the news.

Key facts

• Gravity Bridge lost $5.4M after its contract key was compromised.
• Stolen assets include USDC, WETH, USDT, and PAXG; funds laundered via ChangeNow and Binance.
• Validators were instructed to halt the bridge while investigation is ongoing.
• This is the eighth major bridge exploit in 2026, with cumulative losses of $328.6M.
• Gravity Bridge token GRAV dropped 4% following the incident.

KeyAudit data perspective