The cross-chain protocol Gravity Bridge fell victim to a serious attack. According to security analysts, the hacker managed to drain asset pools totaling around $5.4 million.
๐ On-chain analysis details: what exactly was stolen?
Monitoring platforms (notably PeckShield and Specter) report that the hacker wiped out liquidity in several popular tokens. The attacker drained:
$4.33 million in USDC
274 WETH (around $553,000)
$434,000 in USDT
14.16 PAXG (tokenized gold, around $64,000)
๐ What's the cause and what is the team doing?
Attack vector: Researchers agree this isn't a smart contract code bug, but rather a compromise of the bridge's signing keys.
Project response: The Gravity Bridge team reacted immediately to the incident, urging validators to halt network operations and orchestrators. The bridge is currently fully frozen for a thorough investigation and to prevent further losses.
๐ก What should users do right now?
Avoid transactions: Do not attempt to send funds through Gravity Bridge until an official report is released.
Check permissions: If you've previously interacted with the bridge contracts, be sure to check and revoke approvals for those addresses via services like Revoke.cash or Rabby.
We're keeping an eye on updates from the team regarding security and possible compensation plans for those affected.
#GravityBridge #CryptoSecurity #DeFi #Exploit #Web3Security #PeckShield