Gravity Bridge Drained of $5.4 Million as Hacker Routes Stolen Funds Through Binance


Cross-chain protocol Gravity Bridge was drained of about $5.4 million on May 30, with the attacker reportedly funneling part of the haul through Binance and Changenow, blockchain security firm Peckshield reported.

Key Takeaways

  • Peckshield flagged a ~$5.4M Gravity Bridge exploit on May 30, including $4.3M in USDC and 274 ETH.
  • The theft adds to over $328M Peckshield tracked across bridge hacks in May 2026.
  • The attacker still holds 2,102 ETH (~$4.23M), with onchain sleuths tracking the laundering trail.

Funds Routed Through Binance and ChangeNow

Gravity Bridge, a protocol that moves tokens between Ethereum and the Cosmos ecosystem, lost about $5.4 million in a recent exploit flagged by blockchain security firm Peckshield. The stolen assets included about $4.3 million in USD Coin (USDC), 274 ether (ETH) worth about $553,000, $434,000 in tether (USDT) and 14.164 PAYG tokens valued near $64,000.

The attacker wasted little time moving the proceeds. According to Peckshield’s assessment, part of the haul has already been laundered through Changenow, a non-custodial swap service, and Binance, the world’s largest cryptocurrency exchange by trading volume. As of the alert, the exploiter was still holding about 2,102 ETH worth about $4.23 million, suggesting the bulk of the stolen value remained onchain and potentially traceable.

Figure: Onchain log of the hacker moving funds from Gravity Bridge to Binance and Changenow.

Routing funds through a centralized exchange such as Binance can break the trail by mixing stolen coins with legitimate liquidity, but it also exposes the funds to freezes if the platform’s compliance team acts quickly. Swap services like ChangeNow are often used to convert assets into harder-to-trace tokens before they reach an exchange.

What Gravity Bridge Does

Gravity Bridge is a cross-chain bridge (software that lets users move tokens from one blockchain to another), connecting Ethereum with the Cosmos network of interoperable chains. Built on the Cosmos SDK, it works on a lock-and-mint model. Here, a token is locked on one chain and an equivalent representation is minted on the other, then burned and redeemed when the user bridges back.

Rather than relying on a small multi-signature wallet or a permissioned group of operators, Gravity Bridge uses its validator set to sign cross-chain transactions, a design meant to make it more decentralized and harder to compromise. That architecture has not made bridges immune to attacks because, by design, they hold large pools of locked assets, turning them into some of the most lucrative targets in decentralized finance (DeFi). A single flaw in their validation logic can unlock everything at once.
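The lock-and-mint model described above implies an invariant a defender can monitor: every mint is backed by exactly one lock, every release by exactly one burn, and wrapped supply never exceeds locked collateral. The sketch below is an added example, not Gravity Bridge code and not a reconstruction of this exploit, whose root cause the article does not state; the event schema, field names and sample events are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real chain data). "ref" links a mint to the
# lock it claims to represent, and a release to the burn that justifies it.
EVENTS = [
    {"id": "e1", "kind": "lock", "token": "USDC", "amount": 1000},
    {"id": "e2", "kind": "mint", "token": "USDC", "amount": 1000, "ref": "e1"},
    {"id": "e3", "kind": "burn", "token": "USDC", "amount": 400},
    {"id": "e4", "kind": "release", "token": "USDC", "amount": 400, "ref": "e3"},
    # Same burn presented a second time, for a larger amount.
    {"id": "e5", "kind": "release", "token": "USDC", "amount": 600, "ref": "e3"},
    # Mint that points at a lock which never happened.
    {"id": "e6", "kind": "mint", "token": "USDC", "amount": 50, "ref": "e9"},
]

# Which event kind must back each dependent event kind.
BACKING = {"mint": "lock", "release": "burn"}
# Effect of each event kind on (locked collateral, wrapped supply).
EFFECT = {"lock": (1, 0), "release": (-1, 0), "mint": (0, 1), "burn": (0, -1)}


def reconcile(events):
    """Replay bridge events in order; return (alerts, locked, minted)."""
    seen, consumed, alerts = {}, set(), []
    locked, minted = defaultdict(int), defaultdict(int)
    for ev in events:
        kind, tok, amt = ev["kind"], ev["token"], ev["amount"]
        if kind in BACKING:
            src = seen.get(ev["ref"])
            if src is None or src["kind"] != BACKING[kind]:
                alerts.append((ev["id"], f"no backing {BACKING[kind]}"))
            elif ev["ref"] in consumed:
                alerts.append((ev["id"], f"{BACKING[kind]} already consumed"))
            elif (src["token"], src["amount"]) != (tok, amt):
                alerts.append((ev["id"], "token or amount mismatch"))
            consumed.add(ev["ref"])
        seen[ev["id"]] = ev
        # Apply the balance change even for flagged events: the on-chain
        # state has moved regardless, and the monitor must track it.
        d_locked, d_minted = EFFECT[kind]
        locked[tok] += d_locked * amt
        minted[tok] += d_minted * amt
        # Core invariant: wrapped supply never exceeds locked collateral.
        if minted[tok] > locked[tok]:
            alerts.append((ev["id"], "minted supply exceeds locked collateral"))
    return alerts, dict(locked), dict(minted)
```

Running `reconcile(EVENTS)` flags the reused burn and the unbacked mint individually and also reports the resulting collateral shortfall, which is the signal that would warrant pausing the bridge.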

A Brutal Year for Cross-Chain Bridges

The Gravity Bridge incident lands in the middle of a punishing stretch for cross-chain infrastructure, given Bitcoin.com News recently reported that bridge exploits drained more than $328 million across 8 separate incidents through mid-May 2026 alone.

The pattern has been relentless throughout the year. On May 18, attackers drained about $11.5 million from the Verus-Ethereum bridge, with the perpetrator funded through Tornado Cash before the theft. Subsequently, in April, a suspected exploit pulled an estimated $200 million-plus out of Drift Protocol while a separate breach drained 116,500 rsETH from KelpDAO’s Layerzero adapter, exposing lending markets to potential bad debt.

Smaller hits have piled up too, including a $2.4 million flash-loan attack on the Shibarium bridge. In all of this, the repetition points to a structural problem rather than a string of bad luck. Bridges need to reconcile the differing security models of two chains, and the code that verifies deposits and withdrawals has repeatedly proven to be the weakest link (whether through missing validation checks, compromised keys or governance flaws).

Guessing the Moves Ahead

The immediate question is how much of the stolen $5.4 million can be recovered. With the attacker still sitting on about $4.23 million in ETH, exchanges and analytics firms have a window to flag and freeze the funds, and protocols increasingly use public pressure and onchain messages to negotiate returns. The Verus hacker, for instance, eventually returned $8.5 million while keeping a $2.8 million bounty under a recovery deal.

For now, Gravity Bridge users will be watching for an official incident report detailing the root cause and any plan to reimburse affected depositors. Until bridges solve the validation weaknesses that keep surfacing, the multichain economy’s most important connectors are likely to remain its most frequently robbed.
