A recent string of cyberattacks has targeted the cross-chain bridge ecosystem, with Gravity Bridge being the latest victim. On May 30, blockchain security firms PeckShield and Cyvers flagged a theft of $5.4 million from the Ethereum-side contract of the bridge.
The stolen funds include approximately $4.3 million in USDC, $434,000 in USDT, and 14,164 PAYG tokens valued at about $64,000. The hacker also drained 274 ETH, worth roughly $553,000.
On-chain analyst Specter identified the suspected attack vector as a compromise of the bridge contract key or signing path. Two Ethereum addresses have been linked to the theft, and laundering has already begun through ChangeNow and Binance.