Gravity Bridge, a Cosmos-native gross-chain protocol, changed into the target of a compromised-key assault, which ended in the theft of roughly $5.4 million over the weekend. This most novel security breach joins the rising checklist of exploits suffered in the decentralized finance (DeFi) web site so a ways in 2026.
Gravity Bridge Hack Traced To Signing Key Compromise: Investigator
On Saturday, Would possibly well thirty first, blockchain sleuth Specter highlighted that Gravity Bridge would possibly perhaps want been exploited thru what he described as a signing key compromise. For context, a signing key compromise refers to the unauthorized disclosure or theft of a cryptographic key, allowing an attacker to then utilize it to decrypt sensitive files, forge digital signatures, or compose unauthorized access to methods and, as in this case, funds.
The analyst disclosed that the loot included crypto resources price about $5..4 million, including $4.3 million in USDC, 274 wrapped Ether valued at roughly $553,000, $434,000 in USDT, and 14.16 PAXG tokens priced at about $64,000. In response to security company PeckShield, the imperfect actor has laundered a allotment of the stolen funds thru the ChangeNOW and Binance exchanges, but quiet holds over 2,100 Ether (price approximately $4.23 million).
The team in the support of Gravity Bridge confirmed the assault on Saturday, asserting that validators and orchestrators have to quiet quit their operations whereas they investigate the exploit. “Thanks to the swift motion of validators, the bridge is currently halted whereas investigations proceed,” the protocol presented in a subsequent put up on social media put up.
Gravity Bridge is a gross-chain protocol that works by locking tokens on the Ethereum community and developing tell replicas of the crypto resources on the Cosmos community, relying on validator signatures to authorize each switch. Therefore, the protocol would take care of even solid transactions as legit if a imperfect actor gets the categorical signing keys.
If confirmed as a key compromise, this Gravity Bridge incident would align with the ongoing pattern of crypto bridge attacks, correct thru which breaches are in most cases embedded in access controls rather than in the underlying natty contract code. This pattern can also merely moreover be seen in the massive majority of the sizzling exploits, with Kelp DAO’s $292 million assault a indispensable incident.
Crypto Hacks Proceed To Pile In 2026
As talked about earlier, Gravity Bridge’s $5.4 million hack joins the rising checklist of hacks that enjoy rocked the crypto industry, especially the DeFi sector, in 2026. Particularly, bridges appear to were a soft target for attackers in this interval.
Particularly, a TRM Labs checklist identified April 2026 as doubtlessly the most hacked month, with the ideal series of incidents in crypto history. These attacks included the aforementioned $292 million Kelp DAO hack and Drift Protocol’s $285 million loss.
Featured checklist from Shutterstock, chart from TradingView
