Gravity Bridge in Cosmos Ecosystem Suspected of Key Leak Attack, Approximately $5.4 Million in Crypto Assets Stolen

Gravity Bridge has previously served as a crucial asset transfer channel between Cosmos and chains like Ethereum, having exposed risks multiple times due to permission design issues. This signature key leak continues the pattern of significant losses seen since 2022 with cross-chain bridges like Nomad and Ronin due to private key/admin key control.

In terms of capital flow, attackers utilized the leaked keys to directly transfer assets such as USDC and WETH, motivated by the high returns from the concentrated custodial assets of cross-chain bridges. The project team has been forced to suspend services and investigate, attempting to coordinate with the community to minimize secondary losses.

Similar cases include the nearly $200 million theft from the Nomad bridge in 2022 and the early Guardian mechanism risks of Wormhole, as well as recent security incidents involving multiple Cosmos ecosystem bridges. The cross-chain field is currently undergoing a slow transition from centralized multi-signature to zero-knowledge proofs and distributed verification.

Essentially, this represents a technological shift: cross-chain infrastructure is moving from reliance on a few signature keys to a more decentralized security architecture. The mechanism is driven by the persistently high attack returns and advancements in on-chain tracking technology, forcing capital to be reallocated to protocols resistant to single points of failure, thereby increasing overall DeFi security costs and restructuring trust pricing.

ABAB News · Cognitive Law

The more concentrated the keys, the more severe the losses; the more distributed the verification, the more stable the security.
The larger the bridge, the greater the risk; the faster the suspension, the earlier the loss mitigation.
Excellent protocols sell decentralization, while fragile protocols sell speed and low fees.