Attackers drained roughly $5.4 million from the Gravity Bridge Ethereum-side contract early on Might 30. On-chain investigators level to a compromised signing key moderately than a smart-contract flaw.
The exploit eliminated $4.3 million in USD Coin (USDC) and 274 ether (ETH) value $553,000. PeckShield additionally recorded $434,000 in Tether (USDT) and PAYG tokens value $64,000.
Contained in the Gravity Bridge hack
The drain got here from the bridge’s verified Ethereum contract, with privileged entry enabling withdrawals that appeared approved. On-chain analyst Specter flagged the incident first, itemizing two attacker addresses tied to the theft.
PeckShield mentioned the hacker moved a part of the proceeds by ChangeNow and Binance to obscure origins. Cyvers Alerts and different on-chain screens confirmed the figures shortly after.
Comply with us on X to get the most recent information because it occurs
The attacker swapped most stablecoins into ETH and now controls about 2,102 ETH value roughly $4.23 million.
Bridges Stay Crypto’s Weakest Hyperlink
Gravity Bridge connects Ethereum to the Cosmos ecosystem by IBC, letting property similar to USDC transfer between chains. The bridge held roughly $11.5 million in whole worth locked earlier than the drain.
Previous cross-chain bridge assaults like Ronin and Poly Community uncovered how concentrated keys grow to be a single level of failure.
PeckShield beforehand tallied eight main bridge exploits totaling $328.6 million in Might alone.
Earlier incidents embrace the Meter bridge hack and a broader sample of validator key failures throughout the sector.
Stablecoin issuers can blacklist addresses in minutes. Funds routed by non-custodial providers like ChangeNow are more durable to retrieve.
The remaining ETH stash is absolutely traceable on Etherscan however can nonetheless be break up, blended, or bridged to different chains.
The Gravity Bridge group has not issued a public response.
The submit Gravity Bridge Loses $5.4 Million in Suspected Signing Key Compromise appeared first on BeInCrypto.