Gravity Bridge, a Cosmos-native cross-chain protocol, suffered a compromised-key attack over the weekend, resulting in the theft of roughly $5.4 million.
Blockchain investigator Specter identified the breach as a signing key compromise, allowing the attacker to forge transactions. The loot included $4.3 million in USDC, 274 wrapped Ether, $434,000 in USDT, and 14.16 PAXG tokens.
Security firm PeckShield reports the attacker has laundered some funds via ChangeNOW and Binance, but still holds over 2,100 Ether worth approximately $4.23 million. The Gravity Bridge team confirmed the incident and has halted bridge operations while investigations continue.
This attack fits a broader pattern of crypto bridge exploits driven by access control failures, not smart contract vulnerabilities. April 2026 was the most hacked month in crypto history, per TRM Labs, including the $292 million Kelp DAO incident.