Gravity Bridge Suffers $5.4 Million Theft...Is DeFi Security Adequate as is?

▲ Cryptocurrency theft, cybersecurity, hacking/AI-generated image

The cross-chain protocol Gravity Bridge, based on Cosmos, suffered an attack worth $5.4 million, once again exposing the security vulnerabilities of bridges in the Decentralized Finance (DeFi) market.

According to crypto-specialized media NewsBTC on May 31 (local time), Gravity Bridge was attacked over the weekend, believed to be a signature key compromise, resulting in the theft of approximately $5.4 million worth of cryptocurrency. Blockchain tracer Specter raised the possibility that this attack occurred through a signature key compromise. A signature key compromise is an attack method where cryptographic keys are unauthorizedly exposed or stolen, allowing attackers to exploit them for decrypting sensitive information, forging digital signatures, gaining system access, or moving funds.

The stolen assets included $4.3 million in USDC, 274 Wrapped Ether (WETH) worth approximately $553,000, $434,000 in USDT, and 14.16 PAXG worth approximately $64,000. According to security firm PeckShield, the attackers laundered some of the stolen funds through ChangeNOW and Binance and still hold over 2,100 ETH. The value of this Ethereum was estimated at approximately $4.23 million.

The Gravity Bridge team confirmed the attack on Saturday and requested validators and orchestrators to halt operations during the investigation. The team later stated, "Thanks to the swift action of the validators, the bridge is currently suspended while the investigation is underway." The suspension of operations is interpreted as an emergency response to prevent further damage.

Gravity Bridge operates by locking tokens on the Ethereum (ETH) network and creating replicated tokens of those assets on the Cosmos network. Each transfer is approved by validator signatures. If an attacker obtains the appropriate signature keys, even fraudulent transactions can be processed as legitimate by the protocol, demonstrating that access control systems, rather than smart contract code, can be the core weakness in bridge security.

NewsBTC reported that this incident is another addition to the wave of hacks that have shaken the DeFi market in 2026. Bridges, in particular, have emerged as critical vulnerabilities targeted by attackers. According to a TRM Labs report, April 2026 was recorded as the month with the highest number of hacking incidents in cryptocurrency history, with the $292 million attack on Kelp DAO and the $285 million loss by Drift Protocol also cited as major cases during this period.

*Disclaimer: This article is for investment reference only, and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*