Security

Cosmos-based Gravity Bridge drained of $5.4 million in suspected key compromise, researchers say

By Zara Ahmed · Blockchain Reporter 6h ago The Block

Gravity Bridge, a cross-chain bridge built on the Cosmos ecosystem, suffered a $5.4 million theft after attackers compromised private keys, according to security researchers. The incident marks another major exploit targeting interoperability infrastructure that connects Cosmos with Ethereum and other networks.

The attacker drained USDC, ether, tether, and PAYG tokens from the bridge's liquidity pools. Researchers tracked the stolen funds as they moved through cryptocurrency mixers and exchanges, with portions laundered via ChangeNow and Binance. The speed of the exploit and the attacker's knowledge of the bridge's architecture suggest sophisticated actors with insider knowledge or deep technical familiarity with Gravity Bridge's code.

Gravity Bridge serves as a critical conduit for assets moving between Cosmos and external blockchains. The protocol uses validator signatures to authorize cross-chain transactions. A key compromise at this layer would allow attackers to forge legitimate withdrawal approvals without detection until the damage appeared on-chain.

This attack follows a pattern of recurring vulnerabilities in bridge infrastructure. Major exploits like the Ronin hack in 2022 (which cost $625 million) and the Nomad bridge breach ($190 million) have repeatedly demonstrated that bridges remain high-value targets. Their role as gatekeepers between isolated blockchains creates concentrated risk, where a single compromise can drain millions in minutes.

The Cosmos ecosystem has faced particular scrutiny around operational security. Recent bridge incidents have prompted validators and governance bodies to implement stricter key management protocols and multi-signature requirements. However, enforcement remains inconsistent across different protocols.

Gravity Bridge operators have since secured the bridge and begun investigating the breach. The impact on PAYG token holders remains under assessment, as the token trades on limited exchanges. For Cosmos-connected applications relying on Gravity Bridge for liquidity, the outage forces alternative routing through slower, less efficient bridges or temporary liquidity constraints.

The theft underscores why institutional users and large protocols increasingly demand audited, battle-tested infrastructure before moving significant capital across chains. Bridge security remains the sector's weakest

Key facts

Gravity Bridge, a cross-chain bridge built on the Cosmos ecosystem, suffered a $5.4 million theft after attackers compromised private keys, according to security researchers.
The incident marks another major exploit targeting interoperability infrastructure that connects Cosmos with Ethereum and other networks.
The attacker drained USDC, ether, tether, and PAYG tokens from the bridge's liquidity pools.
Researchers tracked the stolen funds as they moved through cryptocurrency mixers and exchanges, with portions laundered via ChangeNow and Binance.

Why it matters

This security story is part of Proof of News's daily monitoring of sources, companies, institutions, and trends shaping crypto & blockchain news.

Source context

This article summarizes and contextualizes reporting from The Block. The visible original source link is retained so readers can review the primary report directly.

This coverage is informational and should not be treated as financial, legal, medical, health, gambling, or investment advice.

Cosmos-based Gravity Bridge drained of $5.4 million in suspected key compromise, researchers say

Key facts

Why it matters

Source context

Related reading

XRP Ledger's new proposal blocks the flash loan attacks costing DeFi hundreds of millions

What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

Gravity Bridge Loses $5.4 Million in Suspected Signing Key Compromise

Stay ahead of the news