Gravity Bridge has halted operations this week after a $5.4 million exploit hit its cross-chain protocol, which connects Cosmos and Ethereum. The attacker drained funds and routed them through several major cryptocurrency platforms, raising fresh alarms about bridge security.
How the exploit unfolded
The breach targeted Gravity Bridge's smart contracts, which let users move assets between the Cosmos ecosystem and Ethereum. The stolen $5.4 million was quickly moved through what the team described as major platforms — likely exchanges or mixers — making recovery harder. The project paused the bridge shortly after detecting the attack, freezing all inbound and outbound transactions.
Why bridges keep getting hit
Cross-chain bridges have become a favorite target for hackers. Gravity Bridge is the latest in a long line of protocols that hold large pools of locked assets, making them lucrative. The fact that the stolen funds were routed through major platforms suggests the attacker is trying to launder the haul fast. Analysts — though not named in this case — have repeatedly warned that bridges are a weak link in DeFi security.
What users face now
Anyone with funds stuck in the bridge can't withdraw until operations resume. The team hasn't said when that'll happen. They're likely auditing the code and working with security firms to patch the vulnerability. Users on social media are asking for updates, but so far there's no timeline. The pause is indefinite.
What comes next
Gravity Bridge will need to publish a post-mortem and figure out if any funds can be recovered. The exploit's scale — $5.4 million — is steep but not crippling for a well-funded project. Still, trust takes longer to rebuild than code. The team has not yet announced a timeline for resuming operations.
