{"id":73301,"date":"2026-05-30T13:10:41","date_gmt":"2026-05-30T13:10:41","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/gravity-bridge-drained-of-5-4-million-as-hacker-routes-stolen-funds-through-binance\/"},"modified":"2026-05-30T13:10:41","modified_gmt":"2026-05-30T13:10:41","slug":"gravity-bridge-drained-of-5-4-million-as-hacker-routes-stolen-funds-through-binance","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/gravity-bridge-drained-of-5-4-million-as-hacker-routes-stolen-funds-through-binance\/","title":{"rendered":"Gravity Bridge Drained of $5.4 Million as Hacker Routes Stolen Funds Through Binance"},"content":{"rendered":"<p><b>(Originally posted on : Bitcoin News )<\/b><br \/>\n<\/p>\n<div>\n<p><span style=\"font-weight:400\"><\/p>\n<div class=\"@container mb-[25px] rounded-sm overflow-clip py-0.5 pr-0.5 pl-2.5 bg-success-100\">\n<div class=\"flex flex-col gap-m overflow-clip rounded-[6px] !bg-success-10 p-3 @[420px]:p-m\">\n<h2 class=\"m-0 flex items-center gap-s text-[19px] !text-[#1c1c1c] md:text-[20px]\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"16\" height=\"10\" viewbox=\"0 0 16 10\" fill=\"none\" class=\"shrink-0 text-success-100\" aria-hidden=\"true\"><path d=\"M1 1.5h14\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><path d=\"M1 8.5h10\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><span>Key Takeaways<\/span><\/h2>\n<ul class=\"m-0 flex list-none flex-col gap-m pl-0\">\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">Peckshield flagged a ~$5.4M Gravity Bridge exploit on May 30, including $4.3M in USDC and 274 ETH.<\/span><\/li>\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">The theft adds to over $328M Peckshield tracked across bridge hacks in May 2026.<\/span><\/li>\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">The attacker still holds 2,102 ETH (~$4.23M), with onchain sleuths tracking the laundering trail.<\/span><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<p><\/span><\/p>\n<h2><span style=\"font-weight:400\">Funds Routed Through Binance and ChangeNow<\/span><\/h2>\n<p><span style=\"font-weight:400\">Gravity Bridge, a protocol that moves tokens between Ethereum and the Cosmos ecosystem, lost about $5.4 million in a fresh exploit flagged by <span>blockchain<\/span> security firm Peckshield. The stolen assets included roughly $4.3 million in USD Coin (USDC), 274 ether ( <span>ETH<\/span>) worth about $553,000, $434,000 in tether ( <span>USDT<\/span>) and 14.164 PAYG tokens valued near $64,000.<\/span><\/p>\n<p><span style=\"font-weight:400\">The attacker wasted little time moving the proceeds. According to Peckshield\u2019s assessment, part of the haul has already been laundered through Changenow, a non-custodial swap service, and Binance, the world\u2019s largest <span>cryptocurrency<\/span> exchange by <span>trading volume<\/span>. As of the alert, the exploiter was still holding about 2,102 <span>ETH<\/span> worth roughly $4.23 million, suggesting the bulk of the stolen value remained onchain and potentially traceable.<\/span><\/p>\n<figure id=\"attachment_818461\" aria-describedby=\"caption-attachment-818461\" style=\"width:1368px\" class=\"wp-caption aligncenter\"><figcaption id=\"caption-attachment-818461\" class=\"wp-caption-text\">Onchain log of the hacker moving funds from Gravity Bridge to Binance and Changenow.<\/figcaption><\/figure>\n<p><span style=\"font-weight:400\">Routing funds through a <span>centralized exchange<\/span> such as Binance can break the trail by mixing stolen coins with legitimate <span>liquidity<\/span>, but it also exposes the funds to freezes if the platform\u2019s compliance team acts quickly. Swap services like ChangeNow are often used to convert assets into harder-to-trace tokens before they reach an exchange.<\/span><\/p>\n<h2><span style=\"font-weight:400\">What Gravity Bridge Does<\/span><\/h2>\n<p><span style=\"font-weight:400\">Gravity Bridge is a cross-chain bridge (software that lets users move tokens from one <span>blockchain<\/span> to another), connecting Ethereum with the Cosmos network of interoperable chains. Built on the Cosmos SDK, it works on a lock-and-mint model. Here, a token is locked on one chain and an equivalent representation is minted on the other, then burned and redeemed when the user bridges back.<\/span><\/p>\n<p><span style=\"font-weight:400\">Rather than relying on a small multi-signature wallet or a permissioned group of operators, Gravity Bridge uses its validator set to sign cross-chain transactions, a design meant to make it more decentralized and harder to compromise. That architecture has not made bridges immune to attacks because, b<\/span><span style=\"font-weight:400\">y design, they hold large pools of locked assets, turning them into some of the most lucrative targets in <a href=\"http:\/\/www.bitcoin.com\/get-started\/what-is-defi-decentralized-finance\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">decentralized finance<\/a> ( <a href=\"http:\/\/www.bitcoin.com\/get-started\/what-is-defi-decentralized-finance\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">DeFi<\/a>). A single flaw in their validation logic can unlock everything at once.<\/span><\/p>\n<h2><span style=\"font-weight:400\">A Brutal Year for Cross-Chain Bridges<\/span><\/h2>\n<p><span style=\"font-weight:400\">The Gravity Bridge incident lands in the middle of a punishing stretch for cross-chain infrastructure, given <a href=\"https:\/\/www.bitcoin.com\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">Bitcoin.com<\/a> News recently reported that bridge exploits drained <\/span><a href=\"https:\/\/news.bitcoin.com\/crypto-bridge-exploits-328-million-may-2026-peckshield\/\"><span style=\"font-weight:400\">more than $328 million<\/span><\/a><span style=\"font-weight:400\"> across eight separate incidents through mid-May 2026 alone.<\/span><\/p>\n<p><span style=\"font-weight:400\">The pattern has been relentless throughout the year. On May 18, attackers drained about $11.5 million from the <\/span><a href=\"https:\/\/news.bitcoin.com\/verus-ethereum-bridge-hack-11-million-tornado-cash-2026\/\"><span style=\"font-weight:400\">Verus-Ethereum bridge<\/span><\/a><span style=\"font-weight:400\">, with the perpetrator funded through Tornado Cash before the theft. <\/span><span style=\"font-weight:400\">Subsequently, in April, a suspected exploit pulled an estimated $200 million-plus out of <\/span><span style=\"font-weight:400\">Drift Protocol<\/span> while a<span style=\"font-weight:400\"> separate breach drained 116,500 rsETH from KelpDAO\u2019s <\/span><a href=\"https:\/\/news.bitcoin.com\/incident-report-llamarisk-aave-service-providers-detail-kelp-rseth-hack-across-ethereum-and-arbitrum-markets\/\"><span style=\"font-weight:400\">Layerzero adapter<\/span><\/a><span style=\"font-weight:400\">, exposing lending markets to potential bad debt.<\/span><\/p>\n<p><span style=\"font-weight:400\">Smaller hits have piled up too, including a $2.4 million flash-loan attack on the <\/span><a href=\"https:\/\/news.bitcoin.com\/flash-loan-attack-hits-shibarium-bridge-draining-2-4-million\/\"><span style=\"font-weight:400\">Shibarium bridge<\/span><\/a><span style=\"font-weight:400\">. In all of this, t<\/span><span style=\"font-weight:400\">he repetition points to a structural problem rather than a string of bad luck. Bridges need to reconcile the differing security models of two chains, and the code that verifies deposits and withdrawals has repeatedly proven to be the weakest link (whether through missing validation checks, compromised keys or governance flaws).<\/span><\/p>\n<h2>Guessing the Moves Ahead<\/h2>\n<p><span style=\"font-weight:400\">The immediate question is how much of the stolen $5.4 million can be recovered. With the attacker still sitting on roughly $4.23 million in <a href=\"https:\/\/branch.wallet.bitcoin.com\/news-contextual-eth\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">ETH<\/a>, exchanges and analytics firms have a window to flag and freeze the funds, and protocols increasingly use public pressure and onchain messages to negotiate returns. The Verus hacker, for instance, ultimately <\/span><span style=\"font-weight:400\">returned $8.5 million<\/span><span style=\"font-weight:400\"> while keeping a $2.8 million bounty under a recovery deal.<\/span><\/p>\n<p><span style=\"font-weight:400\">For now, Gravity Bridge users will be watching for an official incident report detailing the root cause and any plan to reimburse affected depositors. Until bridges solve the validation weaknesses that keep surfacing, the multichain economy\u2019s most important connectors are likely to remain its most frequently robbed.<\/span><\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/news.bitcoin.com\/gravity-bridge-exploit-5-4-million-binance-changenow-2026\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : Bitcoin News ) Key Takeaways Peckshield flagged a ~$5.4M Gravity Bridge exploit on May 30, including $4.3M in USDC and 274 ETH. The theft adds to over $328M Peckshield tracked across bridge hacks in May 2026. The attacker still holds 2,102 ETH (~$4.23M), with onchain sleuths tracking the laundering trail. Funds [&hellip;]<\/p>\n","protected":false},"author":3947362404,"featured_media":73302,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/73301"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/3947362404"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=73301"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/73301\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/73302"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=73301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=73301"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=73301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}