Audit log

Every state-changing event for Gravity Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-06-02 18:52:59Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 423,867,592

   sig

   4Xo3un4Jd7mf…Ch8GWpAHcopyexplorer ↗

   hash

   EGYBeLhShw2g…VPJpso7Ccopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (22636 B) ▸

   {"actor":"system:backfill","investigation_id":"582966b9-8c93-41f5-84e2-72eee4bafbd3","kind":"publish","page_slug":"gravity-bridge","published_at":"2026-06-02T18:52:59.300Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Gravity Bridge","sections":[{"content":"On May 30, 2026, Gravity Bridge's Ethereum-side smart contracts were drained of approximately $5.4 million in a security incident flagged by blockchain security firm PeckShield and on-chain analyst Specter (pseudonymous; X handle @SpecterAnalyst). The asset breakdown, as reported by PeckShield, was: approximately $4.3 million in USDC, 274 wrapped ETH valued at approximately $553,000, approximately $434,000 in USDT, and 14.164 PAYG tokens valued at approximately $64,000.\n\nSecurity researchers assessed the attack vector as a compromise of one or more validator signing keys rather than a flaw in the bridge's Solidity smart contracts. Gravity Bridge's security model requires a threshold of validators to co-sign withdrawal authorizations; an attacker who obtains sufficient signing credentials can produce withdrawals that the Ethereum-side contract treats as legitimate. Specter stated that 'the transaction pattern appeared consistent with unauthorized withdrawals approved through compromised authorization.' Two Ethereum addresses were publicly linked to the theft: 0x7B582033061b96cC3F9421e73a749ED7C62da1F9 and 0x4d3ca32e687e871a58b78AcAc73bE59AC37C7A47.\n\nA portion of the stolen funds was laundered through ChangeNow, a non-custodial instant swap service, and subsequently routed through Binance. As of June 1, 2026, the primary attacker wallet still held approximately 2,102 ETH valued at roughly $4.23 million, leaving the bulk of the stolen value on-chain and potentially traceable. No postmortem had been published by the Gravity Bridge team as of June 2, 2026, leaving the precise entry point for the key compromise unconfirmed.\n\nGravity Bridge's total value locked (TVL) fell from approximately $11.82 million to $6.24 million in the immediate aftermath of the exploit — a drop of roughly 47%. The GRAV governance token declined alongside the broader protocol impact.","heading":"May 2026 Exploit — Validator Signing-Key Compromise","severity":"critical","sources":[{"credibility":2,"name":"Cosmos-based Gravity Bridge drained of $5.4 million in suspected key compromise, researchers say — The Block","type":"news_article","url":"https://www.theblock.co/post/403108/cosmos-based-gravity-bridge-drained-of-5-4-million-in-suspected-key-compromise-researchers-say"},{"credibility":2,"name":"Gravity Bridge Drained of $5.4 Million as Hacker Routes Stolen Funds Through Binance — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/gravity-bridge-exploit-5-4-million-binance-changenow-2026/"},{"credibility":2,"name":"Gravity Bridge Hit in $5.4M Exploit Amid Suspected Key Compromise — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/30/gravity-bridge-hit-in-5-4m-exploit-amid-suspected-key-compromise/"},{"credibility":2,"name":"Gravity Bridge hack drains $5.4M as TVL crashes 47% — AMBCrypto","type":"news_article","url":"https://ambcrypto.com/gravity-bridge-hack-drains-5-4m-as-tvl-crashes-47-details/"},{"credibility":2,"name":"Hackers drain $5.4M from Gravity's Ethereum–Cosmos bridge — Cryptopolitan","type":"news_article","url":"https://www.cryptopolitan.com/hacker-drain-gravity-bridge/"}]},{"content":"Gravity Bridge is a standalone Cosmos SDK-based blockchain purpose-built to bridge ERC-20 tokens between Ethereum and the Cosmos IBC ecosystem. The bridge's security relies on a permissioned validator set: ERC-20 tokens are locked in a Solidity contract (Gravity.sol) on Ethereum, and the Gravity Bridge validator set observes lock events, reaches consensus, and mints IBC-compatible representations on the Cosmos side. Outbound withdrawals from the Ethereum contract likewise require a threshold of validator signatures. This design avoids multisig custody by tieing bridge authority to the on-chain stake-weighted validator set, with validator misbehavior subject to slashing.\n\nA known architectural limitation identified in the Informal Systems audit (referenced in GitHub issue #206) is that individual full nodes on Cosmos cannot independently validate Ethereum-side events — they rely on the orchestrator set's attestation. This means the security guarantee of the bridge is not equivalent to the security of the underlying Cosmos chain; it is bounded by the integrity of the orchestrator/validator key infrastructure. The May 2026 exploit is consistent with this architectural risk profile: no smart contract logic was found to be defective, yet the key management layer was apparently breached.","heading":"Bridge Architecture and Security Model","severity":"high","sources":[{"credibility":1,"name":"Why it Works — gravitybridge.net","type":"official","url":"https://www.gravitybridge.net/why-it-works"},{"credibility":1,"name":"cosmos/gravity-bridge GitHub — design overview","type":"official","url":"https://github.com/cosmos/gravity-bridge/blob/main/docs/design/overview.md"},{"credibility":2,"name":"No Independent Validation in Cosmos — GitHub issue #206, althea-net/cosmos-gravity-bridge","type":"research","url":"https://github.com/althea-net/cosmos-gravity-bridge/issues/206"},{"credibility":2,"name":"An Introduction to Gravity Bridge Blockchain — Stakin","type":"research","url":"https://stakin.com/blog/an-introduction-to-gravity-bridge-blockchain"}]},{"content":"Prior to its December 2021 mainnet launch, Gravity Bridge underwent three independent security reviews. Least Authority conducted a formal audit whose report is publicly available. Informal Systems conducted a separate audit that identified architectural concerns around independent validation. Code4rena hosted a competitive audit contest in August–September 2021 with a prize pool exceeding $100,000; that audit returned 44 unique findings including 4 marked HIGH severity and 4 marked MEDIUM severity, all of which were reportedly addressed before mainnet launch.\n\nDespite this audit history, the May 2026 exploit did not exploit the Solidity smart contracts that were the subject of those reviews. Security researchers and the Gravity Bridge team's own halt notice framed the breach as an operational key-management failure rather than a code vulnerability — a category of risk not fully addressed by smart-contract-focused audits. No audit or formal review of the validator key custody practices, orchestrator infrastructure, or key rotation procedures has been publicly documented.","heading":"Security Audits and Prior Review History","severity":"high","sources":[{"credibility":1,"name":"Least Authority — Gravity Bridge Security Audit Report (PDF)","type":"research","url":"https://leastauthority.com/static/publications/LeastAuthority_Althea_Gravity%20Bridge_Final_Audit_Report.pdf"},{"credibility":1,"name":"Code4rena — Gravity Bridge Audit Report (August 2021)","type":"research","url":"https://code4rena.com/reports/2021-08-gravitybridge"},{"credibility":2,"name":"Code4rena comes to Cosmos: first audit contest is a $100k+ challenge to hack Gravity Bridge — Code4rena Medium","type":"news_article","url":"https://medium.com/code4rena/code4rena-comes-to-cosmos-29269f4d13d"}]},{"content":"Following the exploit, the attacker converted a portion of the stolen USDC, USDT, and PAYG tokens through ChangeNow, a non-custodial instant-swap service that does not require identity verification and does not maintain withdrawal logs accessible to investigators in real time. A subsequent portion of funds was routed to Binance, the world's largest centralized exchange by volume. ChangeNow-to-Binance routing is a common two-stage obfuscation technique used in crypto theft: the first hop converts stablecoins to a different asset class, while the second hop introduces a major exchange's internal transfer system to break on-chain linkage.\n\nAs of June 1, 2026, approximately 2,102 ETH valued at roughly $4.23 million remained in the primary attacker wallet (0x7B582033061b96cC3F9421e73a749ED7C62da1F9), indicating that the bulk of the stolen value had not yet been fully liquidated. Arkham Intelligence data shared by Specter corroborated the ETH balance in a related wallet holding approximately $4.16 million. The retention of this volume in a known address provides some opportunity for exchange cooperation and potential freezing, although no public announcement of exchange cooperation had been reported as of June 2, 2026.","heading":"Fund Laundering and On-Chain Traceability","severity":"critical","sources":[{"credibility":2,"name":"Gravity Bridge Faces $5.4M Exploit As Hacker Launders Funds Through ChangeNow And Binance — Blockchain Reporter","type":"news_article","url":"https://blockchainreporter.net/gravity-bridge-faces-5-4m-exploit-as-hacker-launders-funds-through-changenow-and-binance"},{"credibility":2,"name":"Gravity Bridge Drained of $5.4 Million as Hacker Routes Stolen Funds Through Binance — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/gravity-bridge-exploit-5-4-million-binance-changenow-2026/"},{"credibility":2,"name":"Gravity Bridge Loses $5.4M in Suspected Key Compromise Attack — CoinPaper","type":"news_article","url":"https://coinpaper.com/17389/gravity-bridge-loses-5-4-m-in-suspected-key-compromise-attack"}]},{"content":"Following the exploit, the Gravity Bridge team published a brief official statement via social media: 'There was an unfortunate incident on Gravity. Validators should halt their validators and orchestrators while this incident is being investigated.' A subsequent update confirmed: 'Thanks to the swift action of validators, the bridge is currently halted while investigations continue.' The bridge remained fully halted as of June 2, 2026.\n\nNo formal postmortem, compensation plan, or timeline for bridge reopening had been announced publicly as of the time of this investigation. The absence of a detailed technical disclosure means the precise scope of key compromise — whether it was a single validator, multiple validators, or an infrastructure-level breach — remains unconfirmed in the public record.","heading":"Protocol Response and Current Bridge Status","severity":"critical","sources":[{"credibility":2,"name":"Gravity Bridge halts network after $5.4M exploit — Grafa","type":"news_article","url":"https://grafa.com/en/news/crypto/gravity-bridge-54m-exploit"},{"credibility":2,"name":"Gravity Bridge Halts After $5.4M Exploit Hits Cross-Chain Protocol — BitcoinEthereumNews","type":"news_article","url":"https://bitcoinethereumnews.com/tech/gravity-bridge-halts-after-5-4m-exploit-hits-cross-chain-protocol/"},{"credibility":2,"name":"Cosmos ecosystem cross-chain bridge Gravity Bridge announced the suspension of services — ChainCatcher","type":"news_article","url":"https://www.chaincatcher.com/en/article/2268332"}]},{"content":"Gravity Bridge was built by Althea Network, a distributed bandwidth sales platform founded by Deborah Simpier (CEO), Justin Kilpatrick (CTO, lead bridge engineer), and Jehan Tremback (initial CEO). The project received development support and partial funding from the Interchain Foundation (ICF), the Swiss non-profit that oversees the Cosmos ecosystem. Additional support came from the Peggy JV partnership, which paired Althea with the Iqlusion team. The Sommelier Protocol team also collaborated on early Gravity design.\n\nThe bridge launched its mainnet on December 14, 2021, following more than two years of development and over 70,000 lines of code. By early 2022 the frontend was live and became one of the most widely adopted bridges in the Cosmos ecosystem, eventually connecting to more than half of IBC-enabled chains. The GRAV token serves as the governance and staking token for the bridge's validator set.\n\nAs of June 2, 2026, GRAV traded at approximately $0.00066 with a market capitalization of approximately $854,000 and a circulating supply of approximately 1.3 billion tokens (source: CoinMarketCap). The token reached an all-time high of approximately $0.256.","heading":"Protocol Background and Founding Team","severity":"low","sources":[{"credibility":2,"name":"Introducing Deborah Simpier — Sommelier Finance","type":"other","url":"https://www.sommelier.finance/blog/introducing-deborah-simpier-althea-ceo-and-sommelier-co-founder-who-brought-the-gravity-bridge-to-life-in-the-cosmos"},{"credibility":2,"name":"Introducing Justin Kilpatrick — Sommelier Finance","type":"other","url":"https://www.sommelier.finance/blog/introducing-justin-kilpatrick-the-blockchain-bridge-wizard-who-maintains-gravity"},{"credibility":1,"name":"Announcing the Cosmos Gravity Bridge — Althea Blog","type":"official","url":"https://blog.althea.net/gravity-bridge/"},{"credibility":1,"name":"Gravity Bridge Launches! Unlocking Inter-Chain Liquidity — Business Wire","type":"news_article","url":"https://www.businesswire.com/news/home/20220119005471/en/Gravity-Bridge-Launches-Unlocking-Inter-Chain-Liquidity-"},{"credibility":2,"name":"Graviton (GRAV) price today — CoinMarketCap","type":"on_chain","url":"https://coinmarketcap.com/currencies/grav/"}]},{"content":"The Gravity Bridge incident occurred amid a wave of cross-chain bridge exploits in 2026. PeckShield reported that at least eight major bridge hacks had been recorded through mid-May 2026, with cumulative losses of approximately $328.6 million. The Verus-Ethereum bridge lost approximately $11.5 million on May 18, 2026. Earlier in 2026, the Kelp DAO bridge suffered an approximately $292 million loss attributed to an RPC node compromise. Gravity Bridge's incident pattern — signing-key compromise rather than smart contract bug — mirrors the Kelp DAO incident and underscores that operational security of key material is a persistent vulnerability in bridge infrastructure, even where smart contract code has been formally audited.","heading":"Broader Context: Bridge Security in 2026","severity":"medium","sources":[{"credibility":2,"name":"Gravity Bridge Hit in $5.4M Exploit Amid Suspected Key Compromise — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/30/gravity-bridge-hit-in-5-4m-exploit-amid-suspected-key-compromise/"},{"credibility":2,"name":"Gravity Bridge Suffers $5.4M Exploit in Validator Key Security Breach — Blockonomi","type":"news_article","url":"https://blockonomi.com/gravity-bridge-suffers-5-4m-exploit-in-validator-key-security-breach"}]}],"sources_used":[{"credibility":2,"name":"Cosmos-based Gravity Bridge drained of $5.4 million in suspected key compromise — The Block","type":"news_article","url":"https://www.theblock.co/post/403108/cosmos-based-gravity-bridge-drained-of-5-4-million-in-suspected-key-compromise-researchers-say"},{"credibility":2,"name":"Gravity Bridge Drained of $5.4 Million as Hacker Routes Stolen Funds Through Binance — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/gravity-bridge-exploit-5-4-million-binance-changenow-2026/"},{"credibility":2,"name":"Gravity Bridge Hit in $5.4M Exploit Amid Suspected Key Compromise — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/30/gravity-bridge-hit-in-5-4m-exploit-amid-suspected-key-compromise/"},{"credibility":2,"name":"Gravity Bridge hack drains $5.4M as TVL crashes 47% — AMBCrypto","type":"news_article","url":"https://ambcrypto.com/gravity-bridge-hack-drains-5-4m-as-tvl-crashes-47-details/"},{"credibility":2,"name":"Hackers drain $5.4M from Gravity's Ethereum–Cosmos bridge — Cryptopolitan","type":"news_article","url":"https://www.cryptopolitan.com/hacker-drain-gravity-bridge/"},{"credibility":2,"name":"Gravity Bridge halts network after $5.4M exploit — Grafa","type":"news_article","url":"https://grafa.com/en/news/crypto/gravity-bridge-54m-exploit"},{"credibility":2,"name":"Gravity Bridge Halts After $5.4M Exploit Hits Cross-Chain Protocol — BitcoinEthereumNews","type":"news_article","url":"https://bitcoinethereumnews.com/tech/gravity-bridge-halts-after-5-4m-exploit-hits-cross-chain-protocol/"},{"credibility":2,"name":"Gravity Bridge halted after $5.4M drain hits Ethereum-Cosmos link — crypto.news","type":"news_article","url":"https://crypto.news/gravity-bridge-halted-after-5-4m-drain-hits-ethereum-cosmos-link/"},{"credibility":2,"name":"Gravity Bridge Loses $5.4M in Suspected Key Compromise Attack — CoinPaper","type":"news_article","url":"https://coinpaper.com/17389/gravity-bridge-loses-5-4-m-in-suspected-key-compromise-attack"},{"credibility":2,"name":"Gravity Bridge Faces $5.4M Exploit As Hacker Launders Funds Through ChangeNow And Binance — Blockchain Reporter","type":"news_article","url":"https://blockchainreporter.net/gravity-bridge-faces-5-4m-exploit-as-hacker-launders-funds-through-changenow-and-binance"},{"credibility":2,"name":"Gravity Bridge Suffers $5.4M Exploit in Validator Key Security Breach — Blockonomi","type":"news_article","url":"https://blockonomi.com/gravity-bridge-suffers-5-4m-exploit-in-validator-key-security-breach"},{"credibility":2,"name":"Gravity Bridge Loses $5.4 Million in Suspected Signing Key Compromise — BeinCrypto","type":"news_article","url":"https://beincrypto.com/gravity-bridge-hack-key-compromise-5m/"},{"credibility":1,"name":"Least Authority — Gravity Bridge Security Audit Report (PDF)","type":"research","url":"https://leastauthority.com/static/publications/LeastAuthority_Althea_Gravity%20Bridge_Final_Audit_Report.pdf"},{"credibility":1,"name":"Code4rena — Gravity Bridge Audit Report (August 2021)","type":"research","url":"https://code4rena.com/reports/2021-08-gravitybridge"},{"credibility":2,"name":"No Independent Validation in Cosmos — GitHub issue #206, althea-net/cosmos-gravity-bridge","type":"research","url":"https://github.com/althea-net/cosmos-gravity-bridge/issues/206"},{"credibility":1,"name":"Announcing the Cosmos Gravity Bridge — Althea Blog","type":"official","url":"https://blog.althea.net/gravity-bridge/"},{"credibility":1,"name":"Gravity Bridge Launches! Unlocking Inter-Chain Liquidity — Business Wire","type":"news_article","url":"https://www.businesswire.com/news/home/20220119005471/en/Gravity-Bridge-Launches-Unlocking-Inter-Chain-Liquidity-"},{"credibility":2,"name":"Introducing Deborah Simpier — Sommelier Finance","type":"other","url":"https://www.sommelier.finance/blog/introducing-deborah-simpier-althea-ceo-and-sommelier-co-founder-who-brought-the-gravity-bridge-to-life-in-the-cosmos"},{"credibility":2,"name":"Introducing Justin Kilpatrick — Sommelier Finance","type":"other","url":"https://www.sommelier.finance/blog/introducing-justin-kilpatrick-the-blockchain-bridge-wizard-who-maintains-gravity"},{"credibility":1,"name":"cosmos/gravity-bridge GitHub repository","type":"official","url":"https://github.com/cosmos/gravity-bridge"},{"credibility":1,"name":"althea-net/cosmos-gravity-bridge GitHub repository","type":"official","url":"https://github.com/althea-net/cosmos-gravity-bridge"},{"credibility":2,"name":"Graviton (GRAV) price today — CoinMarketCap","type":"on_chain","url":"https://coinmarketcap.com/currencies/grav/"},{"credibility":2,"name":"Gravity Bridge TVL — DefiLlama","type":"on_chain","url":"https://defillama.com/protocol/gravity-bridge"},{"credibility":1,"name":"Why it Works — gravitybridge.net","type":"official","url":"https://www.gravitybridge.net/why-it-works"},{"credibility":2,"name":"Cosmos ecosystem cross-chain bridge Gravity Bridge announced the suspension of services — ChainCatcher","type":"news_article","url":"https://www.chaincatcher.com/en/article/2268332"}],"summary":"Gravity Bridge is a purpose-built, decentralized blockchain bridge developed by Althea Network that enables bidirectional transfer of ERC-20 tokens between Ethereum and the Cosmos IBC ecosystem. It launched mainnet in December 2021 after three independent security audits and became the most widely adopted bridge in the Cosmos ecosystem. On May 30, 2026, the bridge suffered a critical security incident in which approximately $5.4 million was drained via an alleged validator signing-key compromise, prompting a full bridge halt that remained in effect as of June 2, 2026.","timeline":[{"date":"2021-08-26","event":"Code4rena competitive audit contest for Gravity Bridge opens, with a prize pool exceeding $100,000. The contest runs through September 8, 2021, and yields 44 findings including 4 HIGH severity.","source":"Code4rena audit report","source_url":"https://code4rena.com/reports/2021-08-gravitybridge"},{"date":"2021-12-14","event":"Gravity Bridge mainnet launches in a decentralized genesis event with over 100 validators, following two years of development and three independent audits.","source":"Business Wire press release","source_url":"https://www.businesswire.com/news/home/20220119005471/en/Gravity-Bridge-Launches-Unlocking-Inter-Chain-Liquidity-"},{"date":"2022-01-26","event":"Gravity Bridge frontend goes live, with first transfers of DAI, ETH, and USDC from Ethereum to Cosmos.","source":"Gravity Bridge Q3 Updates / Stakin blog","source_url":"https://stakin.com/blog/an-introduction-to-gravity-bridge-blockchain"},{"date":"2026-05-30","event":"Approximately $5.4 million is drained from the Gravity Bridge Ethereum-side contracts. PeckShield and on-chain analyst Specter flag the incident. Two attacker addresses identified: 0x7B582033061b96cC3F9421e73a749ED7C62da1F9 and 0x4d3ca32e687e871a58b78AcAc73bE59AC37C7A47. Stolen assets: ~$4.3M USDC, ~$553K ETH (274 ETH), ~$434K USDT, ~$64K PAYG tokens.","source":"The Block","source_url":"https://www.theblock.co/post/403108/cosmos-based-gravity-bridge-drained-of-5-4-million-in-suspected-key-compromise-researchers-say"},{"date":"2026-05-30","event":"Gravity Bridge team issues official statement instructing all validators and orchestrators to halt operations immediately while the incident is investigated. Bridge fully suspended.","source":"Grafa / crypto.news","source_url":"https://grafa.com/en/news/crypto/gravity-bridge-54m-exploit"},{"date":"2026-05-30","event":"Attacker begins laundering stolen funds through ChangeNow and Binance. TVL drops from approximately $11.82M to $6.24M — a 47% decline.","source":"AMBCrypto","source_url":"https://ambcrypto.com/gravity-bridge-hack-drains-5-4m-as-tvl-crashes-47-details/"},{"date":"2026-06-01","event":"Attacker wallet 0x7B582033... still holds approximately 2,102 ETH (~$4.23M). Bridge remains halted. No postmortem published.","source":"Cryptopolitan","source_url":"https://www.cryptopolitan.com/hacker-drain-gravity-bridge/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 3162e305-db24-4f2d-834d-d022b43b21f6copy