Gravity Bridge Drained of $5.4 Million as Hacker Routes Stolen Funds Through Binance

by CryptoExpert



Funds Routed Through Binance and ChangeNOW

Gravity Bridge, a protocol that moves tokens between Ethereum and the Cosmos ecosystem, lost about $5.4 million in a fresh exploit flagged by blockchain security firm PeckShield. The stolen assets included roughly $4.3 million in USD Coin (USDC), 274 ether (ETH) worth about $553,000, $434,000 in tether (USDT) and 14.164 PAYG tokens valued near $64,000.

The attacker wasted little time moving the proceeds. According to PeckShield’s assessment, part of the haul has already been laundered through ChangeNOW, a non-custodial swap service, and Binance, the world’s largest cryptocurrency exchange by trading volume. As of the alert, the exploiter was still holding about 2,102 ETH worth roughly $4.23 million, suggesting the bulk of the stolen value remained onchain and potentially traceable.

Onchain log of the hacker moving funds from Gravity Bridge to Binance and ChangeNOW.

Routing funds through a centralized exchange such as Binance can break the trail by mixing stolen coins with legitimate liquidity, but it also exposes the funds to freezes if the platform’s compliance team acts quickly. Swap services like ChangeNOW are often used to convert assets into harder-to-trace tokens before they reach an exchange.

What Gravity Bridge Does

Gravity Bridge is a cross-chain bridge (software that lets users move tokens from one blockchain to another) connecting Ethereum with the Cosmos network of interoperable chains. Built on the Cosmos SDK, it works on a lock-and-mint model: a token is locked on one chain and an equivalent representation is minted on the other, then burned and redeemed when the user bridges back.

Rather than relying on a small multi-signature wallet or a permissioned group of operators, Gravity Bridge uses its validator set to sign cross-chain transactions, a design meant to make it more decentralized and harder to compromise. That architecture has not made bridges immune to attack: by design, they hold large pools of locked assets, which makes them some of the most lucrative targets in decentralized finance (DeFi). A single flaw in their validation logic can unlock everything at once.
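The lock-and-mint flow and validator-signed release described above, as a simplified model added here for illustration; it is not Gravity Bridge's code, and the validator names, voting powers and two-thirds quorum are constructed assumptions. It shows the checks a release path depends on and the solvency invariant a monitor can alert on.

```python
from dataclasses import dataclass, field

@dataclass
class ToyBridge:
    """Simplified lock-and-mint model (constructed; not any real bridge's code)."""
    validator_power: dict   # validator name -> voting power (constructed values)
    locked: int = 0         # collateral held on the source chain
    minted: int = 0         # representations outstanding on the other chain
    used_nonces: set = field(default_factory=set)

    def deposit(self, amount):
        # Lock on the source chain, mint the same amount on the destination.
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.locked += amount
        self.minted += amount

    def withdraw(self, amount, nonce, signers):
        # Burn and redeem: collateral is released only if every check passes.
        if amount <= 0 or amount > self.minted:
            return "rejected: amount exceeds minted supply"
        if nonce in self.used_nonces:
            return "rejected: replayed nonce"
        # Count each known validator once; duplicates and unknown signers add nothing.
        known = set(signers) & set(self.validator_power)
        power = sum(self.validator_power[v] for v in known)
        # Assumed quorum: strictly more than two-thirds of total power.
        if power * 3 <= sum(self.validator_power.values()) * 2:
            return "rejected: insufficient signing power"
        self.used_nonces.add(nonce)
        self.minted -= amount
        self.locked -= amount
        return "released"

    def solvent(self):
        # Invariant for monitoring: collateral must cover the minted supply.
        return self.locked >= self.minted

def demo():
    bridge = ToyBridge({"val-a": 40, "val-b": 35, "val-c": 25})
    bridge.deposit(1000)
    return [
        bridge.withdraw(500, 1, ["val-a"]),                    # 40 of 100 power
        bridge.withdraw(500, 1, ["val-a", "val-a", "val-x"]),  # still 40 of 100
        bridge.withdraw(500, 1, ["val-a", "val-b"]),           # 75 of 100 power
        bridge.withdraw(500, 1, ["val-a", "val-b"]),           # same nonce again
        bridge.withdraw(600, 2, ["val-a", "val-b"]),           # only 500 minted
        bridge.solvent(),
    ]
```

Dropping any one of the three checks in `withdraw` lets a single message release collateral that no burned token backs, which is the failure the `solvent` invariant is meant to surface.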

A Brutal Year for Cross-Chain Bridges

The Gravity Bridge incident lands in the middle of a punishing stretch for cross-chain infrastructure. Bitcoin.com News recently reported that bridge exploits drained more than $328 million across eight separate incidents through mid-May 2026 alone.

The pattern has been relentless throughout the year. On May 18, attackers drained about $11.5 million from the Verus-Ethereum bridge, with the perpetrator funded through Tornado Cash before the theft. In April, a suspected exploit pulled an estimated $200 million-plus out of Drift Protocol while a separate breach drained 116,500 rsETH from KelpDAO’s LayerZero adapter, exposing lending markets to potential bad debt.

Smaller hits have piled up too, including a $2.4 million flash-loan attack on the Shibarium bridge. The repetition points to a structural problem rather than a string of bad luck. Bridges need to reconcile the differing security models of two chains, and the code that verifies deposits and withdrawals has repeatedly proven to be the weakest link, whether through missing validation checks, compromised keys or governance flaws.

Guessing the Moves Ahead

The immediate question is how much of the stolen $5.4 million can be recovered. With the attacker still sitting on roughly $4.23 million in ETH, exchanges and analytics firms have a window to flag and freeze the funds, and protocols increasingly use public pressure and onchain messages to negotiate returns. The Verus hacker, for instance, ultimately returned $8.5 million while keeping a $2.8 million bounty under a recovery deal.

For now, Gravity Bridge users will be watching for an official incident report detailing the root cause and any plan to reimburse affected depositors. Until bridges solve the validation weaknesses that keep surfacing, the multichain economy’s most important connectors are likely to remain its most frequently robbed.


