Hackers drain $5.4M from Gravity’s Ethereum – Cosmos bridge

An attacker has drained approximately $5.4 million from Gravity Bridge, the cross-chain bridge connecting Ethereum and the Cosmos ecosystem, in what on-chain analysts suspect was a contract key compromise.

The theft, which was flagged on May 30 by blockchain security firms PeckShield and Cyvers, continues a punishing stretch for cross-chain infrastructure.

Bridges have repeatedly proven to be the most lucrative targets in DeFi, and Gravity Bridge is the latest to fall.

It appears the bridge contract key may have been compromised, resulting in the theft of $5.4M.

The attacker drained the following assets:

USDC: $4.3M
WETH: 274 ETH (~$553K)
USDT: $434K$PAYG: $64K

Theft addresses:

0x7B582033061b96cC3F9421e73a749ED7C62da1F9…

— Specter (@SpecterAnalyst) May 30, 2026

What did the attacker take?

The attacker siphoned four assets from the bridge’s Ethereum-side contract: $4.3 million in USDC, 274 ETH (worth roughly $553,000), $434,000 in USDT, and 14,164 PAYG tokens valued at about $64,000, according to PeckShield.

On-chain analyst Specter, who was also among the first to report the incident, identified the suspected attack vector as a compromise of the bridge contract key or signing path. Two Ethereum addresses, “0x7B58…a1F9” and “0x4d3c…7A47,” have been linked to the theft, according to CryptoAdventure.

Laundering already underway

PeckShield reported that a portion of the stolen funds had already been moved through ChangeNow and Binance.

Per PeckShield, the attacker still held roughly 2,102 ETH (approximately $4.23 million), so the bulk of the haul still remains in the exploiter’s wallet as of the time of reporting.

Cyvers confirmed the $5.4 million loss figure and said the stolen assets were swapped into native ETH.

Gravity Bridge has not published a postmortem or public statement on the incident.

Bridge exploits keep piling up

The Gravity Bridge drain comes in a month already scarred by bridge attacks. On May 18, the Verus-Ethereum bridge lost $11.5 million after a verification bypass exploit, according to DefiLlama’s hacks database. Analysts have pointed to the Verus incident as part of a growing string of cross-chain infrastructure exploits.

Cryptopolitan has previously reported on the persistent vulnerability of bridge protocols, which handle large pools of locked assets across chains and present concentrated targets for attackers. DefiLlama data shows that bridges account for $3.2 billion of the $16.6 billion in total value hacked across crypto history, a disproportionate share given how few bridge protocols exist relative to other DeFi categories.

As of reporting time, Gravity Bridge held approximately $6.2 million in total value locked, according to DefiLlama. The $5.4 million drain represents nearly a big chunk of the bridge’s TVL, effectively sending the protocol’s stored value into a nosedive.

One community member noted the scale of remaining funds came as a surprise. “I had no idea there was even that much TVL left locked in the Gravity Bridge,” wrote Ed from AirdropGlideApp, questioning why users had not migrated to newer Cosmos bridging options.

For now, users with funds on the protocol have no official guidance, as the platform is yet to confirm or share any update on the exploit. The remaining 2,102 ETH sits in a known address, giving exchanges and compliance teams a window to flag or freeze the funds before further laundering occurs.