Gravity Bridge, a cross-chain protocol native to Cosmos, was the target of a compromised key attack, which led to the theft of approximately $5.4 million over the weekend. This latest security breach joins the growing list of exploits suffered in the decentralized finance (DeFi) space so far in 2026.
Gravity Bridge Hack Due to Signing of Key Compromise: Investigator
On Saturday, May 31, blockchain detective Specter pointed out that Gravity Bridge could have been exploited through what he described as a signature key compromise. For context, a signature key compromise refers to the unauthorized disclosure or theft of a cryptographic key, allowing an attacker to then use it to decrypt sensitive information, forge digital signatures, or gain unauthorized access to systems and, as in this case, funds.
Related reading
The analyst revealed that the loot included crypto assets worth around $5.4 million, including $4.3 million in USDC, 274 wrapped Ether worth around $553,000, $434,000 in USDT, and 14.16 PAXG tokens worth around $64,000. According to security firm PeckShield, the bad actor laundered some of the stolen funds through exchanges ChangeNOW and Binance, but still holds more than 2,100 Ether (worth approximately $4.23 million).

The team behind Gravity Bridge confirmed the attack on Saturday, saying validators and orchestrators should shut down operations while they investigate the exploit. “Thanks to the quick action of validators, the bridge is currently shut down while investigations continue,” the protocol announced in a subsequent social media post.
Gravity Bridge is a cross-chain protocol that works by locking tokens on the Ethereum network and creating direct replicas of crypto assets on the Cosmos network, relying on validator signatures to authorize each transfer. Therefore, the protocol would even consider counterfeit transactions as legitimate if a bad actor obtains the appropriate signing keys.
If confirmed as a key compromise, this Gravity Bridge incident would align with the current pattern of crypto bridge attacks, in which violations are typically embedded in access controls rather than the underlying smart contract code. This trend can be seen in the majority of recent exploits, with the $292 million Kelp DAO attack being a notable incident.
Crypto hacks continue to pile up in 2026
As mentioned earlier, the $5.4 million Gravity Bridge hack joins the growing list of hacks that have rocked the crypto industry, particularly the DeFi sector, in 2026. Specifically, bridges appear to have been an easy target for attackers during this period.
Specifically, a report from TRM Labs identified April 2026 as the most hacked month, with the highest number of incidents in crypto history. These attacks included the aforementioned $292 million Kelp DAO hack and the $285 million loss of Drift Protocol.
Related reading
Featured image from Shutterstock, chart from TradingView


