GravityBridge halts after $5.4M in unauthorized outflows amid suspected signing key compromise

GravityBridge said it paused operations after security researchers flagged about $5.4 million in unauthorized outflows from the cross-chain protocol, with early assessments pointing to a possible signing key compromise rather than a bug in the bridge contract.

The incident was first highlighted by on-chain analyst Specter and later reinforced by PeckShield, whose alert on X identified the bridge as the source of the outflows, listed the affected tokens and gave a breakdown of the drained assets.

According to PeckShield’s post, the drained assets included about $4.3 million in USDC, 274 ETH worth roughly $553,000, $434,000 in USDT and 14.164 PAXG valued at about $64,000. PeckShield also said part of the funds had already been moved through ChangeNow and Binance, while the theft wallet still held roughly 2,100 ETH, or about $4.23 million, at the time of its update.

Specter said the withdrawal pattern suggested that the bridge’s signing keys may have been compromised, which would allow transactions to appear valid to the system even if they were unauthorized. That assessment remains preliminary. The exact entry point has not been confirmed, and the available material does not establish whether the compromise involved validator infrastructure, private keys or another weakness.

GravityBridge later posted that there had been an “unfortunate incident” and asked validators and orchestrators to stop while the investigation continues. The protocol said it had been halted while it reviewed the attack. No postmortem had been released as of the latest available updates.

GravityBridge connects Ethereum and the Cosmos ecosystem by locking assets on Ethereum and minting mirrored tokens on Cosmos. In that structure, validator signatures authorize transfers across the bridge. Because of that setup, a compromise of signing keys can create unauthorized withdrawals without necessarily requiring a direct failure in the contract logic.
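A constructed Python model of that authorization path, added here as an illustration and not Gravity Bridge's own code: validators holding signing keys and voting power sign a withdrawal batch, the bridge accepts any batch whose signers reach quorum, and a key-independent outflow cap is the kind of control that can still stop a drain when every signature checks out. The validator set, key values, quorum, cap and batch contents are all assumed, and HMAC stands in for a real signature scheme.

```python
import hashlib
import hmac
import json

# Constructed toy validator set (assumption): name -> (signing key, voting power).
# HMAC-SHA256 stands in for a real signature scheme so this runs on the stdlib alone.
VALIDATORS = {"val-a": (b"secret-a", 40), "val-b": (b"secret-b", 35), "val-c": (b"secret-c", 25)}
QUORUM = 2 / 3               # fraction of total voting power that must sign a batch
OUTFLOW_CAP_USD = 1_000_000  # assumed per-window withdrawal cap for the independent guard


def _batch_bytes(batch):
    """Canonical encoding so signer and verifier authenticate exactly the same bytes."""
    return json.dumps(batch, sort_keys=True).encode()


def sign_batch(batch, keys):
    """Sign a batch with whichever validator keys the caller holds (name -> key)."""
    msg = _batch_bytes(batch)
    return {name: hmac.new(key, msg, hashlib.sha256).hexdigest() for name, key in keys.items()}


def verify_batch(batch, sigs):
    """Bridge-side check: accept the batch if valid signatures cover the quorum of power.
    This check only proves possession of the keys, not that the signer was authorized."""
    msg = _batch_bytes(batch)
    total_power = sum(power for _, power in VALIDATORS.values())
    signed_power = 0
    for name, (key, power) in VALIDATORS.items():
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if name in sigs and hmac.compare_digest(expected, sigs[name]):
            signed_power += power
    return signed_power / total_power >= QUORUM


def outflow_within_cap(batch, already_withdrawn_usd, cap=OUTFLOW_CAP_USD):
    """Key-independent control: reject a batch that pushes the window's outflow past the cap,
    so even a batch with a valid quorum cannot move an unusual amount in one go."""
    requested = sum(tx["amount_usd"] for tx in batch["withdrawals"])
    return already_withdrawn_usd + requested <= cap


# Constructed batch shaped like the reported drain: one large USDC withdrawal.
BATCH = {"nonce": 7, "withdrawals": [{"to": "0xPLACEHOLDER", "token": "USDC", "amount_usd": 4_300_000}]}

# val-a and val-b hold 75% of power, enough for quorum. Whoever holds those two keys,
# their rightful operators or not, produces byte-identical signatures, so verify_batch
# alone cannot distinguish a legitimate batch from one signed with stolen keys.
QUORUM_SIGS = sign_batch(BATCH, {"val-a": b"secret-a", "val-b": b"secret-b"})
# A lone validator with 25% of power cannot reach quorum.
MINORITY_SIGS = sign_batch(BATCH, {"val-c": b"secret-c"})
```

Running `verify_batch(BATCH, QUORUM_SIGS)` returns True while `outflow_within_cap(BATCH, 0)` returns False, which is the gap a halt or rate limit fills when the keys themselves are the weak point.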

For now, the confirmed status is limited to the reported drain, the protocol pause and the ongoing investigation. The cause remains under review, and the team has not yet published a full incident report.