According to blockchain security researchers, the incident may have been caused by a compromised contract key, which allowed an attacker to withdraw millions in USDC, WETH, USDT, and PAXG. After the exploit, the Gravity Bridge team halted bridge operations and instructed validators to stop their validators and orchestrators while the incident is investigated.
Hackers Steal $5.4M From Gravity Bridge
Gravity Bridge, a decentralized cross-chain protocol that enables asset transfers between the Ethereum and Cosmos ecosystems, suffered a major security incident that resulted in the loss of approximately $5.4 million worth of digital assets. The exploit was first identified by on-chain analyst Specter, who reported unusual outflows from the protocol and suggested that the bridge’s contract key may have been compromised.
According to Specter, the suspected compromise allowed an attacker to gain unauthorized access and drain funds from the protocol. PeckShield provided more details about the stolen assets. The firm reported that the attacker made off with roughly $4.3 million in USDC, 274 Wrapped Ether (WETH) valued at approximately $553,000, around $434,000 in USDT, and 14.164 PAX Gold (PAXG) tokens worth approximately $64,000.
PeckShield further revealed that some of the stolen assets were already moved through instant asset-swapping service ChangeNow and through Binance, which could be efforts by the attacker to launder portions of the stolen funds. Despite these movements, the security firm pointed out that the primary theft wallet was still holding approximately 2,102 ETH, valued at around $4.23 million at the time of its report.
After the discovery of the exploit, the Gravity Bridge team acknowledged the incident through social media and urged validators to immediately halt both their validators and orchestrators while the situation was investigated. The project later confirmed that the bridge itself had been halted as a precautionary measure to prevent any further unauthorized activity.
Gravity Bridge serves as an important interoperability solution between Ethereum and Cosmos-based networks. The protocol allows users to transfer assets from Ethereum to Cosmos wallets and decentralized exchanges like Osmosis, while also enabling the movement of Cosmos-native assets back to Ethereum-based platforms, including decentralized exchanges like Uniswap.
Unlike some bridge designs that rely on centralized multisignature wallets or small groups of operators, Gravity Bridge utilizes its broader validator set to authorize transfers, making it one of the more decentralized bridge architectures in the blockchain industry.
Source: https://coinpaper.com/17389/gravity-bridge-loses-5-4-m-in-suspected-key-compromise-attack
