Overview
- Security researchers flagged unusual withdrawals that drained about $5.4 million from Gravity Bridge, and the protocol halted operations and asked validators and orchestrators to stop while it investigates.
- PeckShield traced the stolen assets to a wallet and reported roughly $4.3 million in USDC, 274 wrapped ETH, $434,000 in USDT, and 14.16 PAXG moved during the drain.
- Investigators say some funds were routed through swap services ChangeNow and the exchange Binance, and a related address was reported holding roughly 2,100 ETH that trackers continue to follow.
- On-chain analyst Specter and other security firms say the transaction pattern looks like withdrawals approved with valid signatures, which suggests a signing-key or authorization compromise rather than a smart-contract bug.
- The incident, reported Saturday, May 30, 2026, joins other 2026 bridge losses driven by operational key-management failures and could prompt tighter validator key custody, audit practices, and monitoring by users and exchanges.