The cross-chain protocol Gravity Bridge temporarily suspended operations after a suspicious outflow of assets totaling about $5.4 million. The incident affected the bridge between Ethereum and the Cosmos ecosystem, which is used to transfer tokens between networks and decentralized platforms.
According to PeckShield, about $5.4 million was withdrawn from Gravity Bridge, including $4.3 million in USDC. Some funds have already passed through ChangeNow and Binance, while about 2,100 ETH worth more than $4.2 million remain at the attacker’s addresses.
The first to notice unusual activity was on-chain analyst Specter. According to his assessment, the attackers may have gained access to the Gravity Bridge contract key. PeckShield later confirmed the outflow of funds and disclosed the structure of the stolen assets.
USDC, WETH, USDT, and PAXG Withdrawn From the Bridge
The main losses were in USDC. About $4.3 million in this stablecoin was withdrawn from the protocol. Among the stolen assets were also 274 WETH worth about $553,000, around $434,000 in USDT, and 14.164 PAX Gold worth about $64,000.
After the attack, some of the funds were quickly moved through exchange services and centralized platforms. According to PeckShield, some assets went through ChangeNow and Binance. At the same time, the associated address still held about 2,102 ETH worth approximately $4.23 million.
This scheme is typical for attacks on DeFi infrastructure. Attackers try to spread assets across different routes as quickly as possible while the project team and analysts are still reconstructing the events.
Team Asks Validators to Halt Infrastructure
Gravity Bridge confirmed the incident and recommended that validators stop nodes and orchestrators during the investigation. The team later reported that the bridge had indeed been halted.
This is a forced measure. If there is a risk of key or signing process compromise, continuing bridge operations could lead to further withdrawals. In such a situation, the main task for developers is to isolate the problem and prevent the attacker from repeating the operation.
So far, the team has not disclosed which specific element of the infrastructure was vulnerable. It is unknown whether a single key, the signing process, or a related bridge management service was compromised.
Why the Gravity Bridge Case Is Especially Important
Gravity Bridge has long positioned itself as a more decentralized cross-chain bridge. It connects Ethereum with Cosmos and allows assets to be transferred both ways: from Ethereum to Cosmos wallets and applications, and back to Ethereum services like Uniswap.
Unlike bridges that rely on a small set of signers or closed node groups, Gravity Bridge uses network validators to confirm transfers. Therefore, possible key compromise is especially damaging to the project’s reputation.
The problem shows that even a more decentralized architecture does not eliminate all risks. The bridge’s security depends not only on protocol logic, but also on how keys, orchestrators, updates, monitoring, and internal response procedures are organized.
GRAV Token Also Comes Under Pressure
Following the news, the native Graviton token fell by about 4% over the day and was trading around $0.000705. The movement does not look catastrophic, but reflects a cautious market reaction.
For such tokens, trust in the infrastructure plays a key role. If the bridge stops, users begin to assess not only direct losses but also the risk of a repeat incident after relaunch.
The longer the investigation continues, the greater the pressure on liquidity, activity, and trust in the protocol.
Bridge Attacks Are Once Again DeFi’s Main Headache
The Gravity Bridge incident fits into a broader 2026 trend. Cross-chain bridges remain one of the most vulnerable parts of DeFi because they simultaneously hold large reserves and depend on complex transfer confirmation infrastructure.
According to industry estimates, several major bridge attacks have already occurred since the beginning of the year, with total losses from such incidents exceeding $328 million. One of the largest was the April KelpDAO hack for about $290 million, which was linked to the Lazarus group.
After such incidents, the market reacts more broadly than just to the hacked project itself. Users begin to withdraw liquidity from other protocols, even if they are not directly connected to the attack. This is how, after KelpDAO, the total value locked in DeFi sharply dropped from nearly $100 billion to about $86 billion in just two days.
Institutions Increasingly Focus on Bridge Security
The bridge problem has already gone beyond the crypto community. JPMorgan analysts previously called cross-chain infrastructure security one of the key barriers to institutional capital entering DeFi.
The logic is clear. Large funds and financial companies will not be able to use decentralized applications at the scale of traditional markets if asset transfers between networks remain a systemic risk point.
For DeFi, this is an unpleasant but important signal. To attract large capital, protocols will have to prove not only profitability and speed, but also the resilience of the entire operational infrastructure.
Market Again Sees Risk Not in Code, but in Access Management
In recent years, the industry has learned to better audit smart contracts. Audits have become standard, major protocols launch bug bounty programs, and critical contracts increasingly undergo multi-stage checks.
But attackers have gradually shifted focus. Now, they increasingly target keys, servers, management interfaces, validators, bridge orchestrators, and internal team procedures.
Gravity Bridge may turn out to be just such a case if the key compromise theory is confirmed. Then the problem will not be in the bridge’s economic model, but in protecting access to a critical function.
What Comes Next?
Gravity Bridge’s fate now depends on the results of the investigation. The team needs to determine the source of the compromise, trace the route of the stolen assets, assess remaining risks, and only then decide on relaunching the bridge.
For users, the main question is simpler: will it be safe to transfer funds through Gravity Bridge again after operations resume? The answer will come only after the team publishes a report and confirms the vulnerability has been fixed.
For now, the incident serves as another reminder for DeFi. Cross-chain bridges remain a convenient but risky part of the infrastructure. The more liquidity they connect between networks, the higher the price of any mistake in keys, processes, and access control.
Read More: Bitcoin Ends May Down; Market Awaits US Economic Data
