On June 4, 2026, the Gravity Bridge — a cross-chain bridge connecting Cosmos-based chains to Ethereum — lost roughly $5.4 million to an attacker who exploited how the bridge handled token identifiers. According to rekt.news, the attacker minted worthless tokens on Osmosis, poisoned the token registry with a fabricated denom string, then used that fake denomination to extract real assets. The $5.4M figure is an early estimate and may move as on-chain analysis continues.
TL;DR: Gravity Bridge wasn't broken by a smart-contract bug — it failed to validate a token's denom string, so a fabricated identifier let an attacker pull out real value. The flaw was a logic and configuration gap, not a cryptographic break.
What actually happened on Gravity Bridge
Gravity Bridge moves assets between Cosmos chains and Ethereum. To do that, it maps a token on one chain to a representation on another using a string called a denom — short for denomination. That string is the bridge's source of truth for "which asset is this, and what is it worth."
Per rekt.news, the attacker minted a worthless token on Osmosis, then injected a fabricated denom string into the bridge's registry. Because the bridge did not validate that string properly, it treated the fake denomination as if it mapped to a real, valuable asset. The attacker then withdrew genuine assets against the forged entry, draining an estimated $5.4 million.
This was not a flaw in the underlying chains or their cryptography. It was a validation gap in how the bridge accepted and trusted denom data — a logic and configuration issue. Bridges are recurring exploit targets precisely because they hold pooled assets and rely on off-chain or registry data that, if poisoned, can be turned against the pool.
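To make the validation gap concrete, here is an added illustration in Go (the language Cosmos-side bridges are built in) of what a denom registry that refuses fabricated identifiers looks like. This is example code written for this article, not Gravity Bridge's own code and not a reconstruction of the exploit; the `Registry`, `Asset`, `Register` and `Resolve` names, the `ugrav` native denom and the placeholder Ethereum addresses are assumptions. The denom syntax rule and the `ibc/<SHA-256>` construction are the ones the Cosmos SDK and ibc-go use.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Asset is the operator-vetted metadata a denom may resolve to (hypothetical type).
type Asset struct {
	Symbol   string
	Decimals uint8
	EthAddr  string // ERC-20 contract on the Ethereum side; placeholder values below
}

var (
	ErrMalformedDenom = errors.New("denom: malformed")
	ErrUnknownDenom   = errors.New("denom: not in registry")

	// Cosmos SDK denom syntax: a letter, then 2..127 of [a-zA-Z0-9/:._-].
	denomRe = regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9/:._-]{2,127}$`)
	// IBC voucher denoms are "ibc/" + uppercase hex SHA-256 of "port/channel/baseDenom".
	ibcRe = regexp.MustCompile(`^ibc/[0-9A-F]{64}$`)
)

// ibcDenom derives the canonical IBC denom the way ibc-go does: hash the full trace
// path (e.g. "transfer/channel-0/uatom"), hex-encode, upper-case, prefix "ibc/".
func ibcDenom(tracePath, baseDenom string) string {
	sum := sha256.Sum256([]byte(tracePath + "/" + baseDenom))
	return "ibc/" + strings.ToUpper(hex.EncodeToString(sum[:]))
}

// Registry is an allow-list keyed by canonical denom. Entries are added only by the
// operator through Register; no user-supplied string ever becomes a key.
type Registry struct {
	assets map[string]Asset
}

func NewRegistry() *Registry { return &Registry{assets: map[string]Asset{}} }

// Register derives the canonical denom itself instead of trusting a caller-supplied one.
// tracePath is empty for a token native to this chain.
func (r *Registry) Register(tracePath, baseDenom string, a Asset) (string, error) {
	denom := baseDenom
	if tracePath != "" {
		denom = ibcDenom(tracePath, baseDenom)
	}
	if !denomRe.MatchString(denom) {
		return "", ErrMalformedDenom
	}
	r.assets[denom] = a
	return denom, nil
}

// Resolve is the check a withdrawal path must run before valuing anything: syntactic
// validation, then an exact allow-list lookup. A fabricated or look-alike denom fails
// here rather than being treated as a real, valuable asset.
func (r *Registry) Resolve(denom string) (Asset, error) {
	if !denomRe.MatchString(denom) {
		return Asset{}, ErrMalformedDenom
	}
	if strings.HasPrefix(denom, "ibc/") && !ibcRe.MatchString(denom) {
		return Asset{}, ErrMalformedDenom
	}
	a, ok := r.assets[denom]
	if !ok {
		return Asset{}, ErrUnknownDenom
	}
	return a, nil
}

func main() {
	r := NewRegistry()
	// Constructed registrations: a native token and an IBC-transferred ATOM.
	native, _ := r.Register("", "ugrav", Asset{Symbol: "GRAV", Decimals: 6,
		EthAddr: "0x0000000000000000000000000000000000000001"})
	atom, _ := r.Register("transfer/channel-0", "uatom", Asset{Symbol: "ATOM", Decimals: 6,
		EthAddr: "0x0000000000000000000000000000000000000002"})

	for _, d := range []string{
		native,                             // registered native denom: resolves
		atom,                               // registered IBC denom: resolves
		"uatom",                            // base denom never registered here: unknown
		"ibc/DEADBEEF",                     // wrong hash length: malformed
		"ibc/" + strings.ToLower(atom[4:]), // case-mangled hash: malformed
		"1ugrav",                           // violates denom syntax: malformed
	} {
		a, err := r.Resolve(d)
		fmt.Printf("%-72s -> %q %v\n", d, a.Symbol, err)
	}
}
```

The design point is that the registry, not the caller, decides what a denom string is: registration derives the canonical identifier from the trace path, and resolution accepts nothing but an exact match against that allow-list, so a string that merely resembles a real asset's denom has no value attached to it.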
What it means for swap and privacy-coin users
Most people don't run a bridge directly. They interact with one indirectly — when an exchange, wrapper, or routing service moves their funds across chains and holds them, however briefly, in a shared pool. That's where exposure concentrates.
If you bridge or hold assets inside a custodial cross-chain system, your funds sit alongside everyone else's in a pool that depends on the operator's validation logic. When that logic fails — as it did here — pooled and mid-transit funds are the ones at risk. The Gravity Bridge incident is the latest in a long line of bridge and pooled-custody failures, following 2026 exploits at THORChain and several Safe-module drains.
The practical takeaway is about architecture, not blame:
- Pooled custody concentrates risk — a single validation flaw can affect every depositor at once.
- Bridges add trust surface — every wrapping, registry, and denom-mapping step is something that can be misconfigured.
- Funds in transit are exposed — the longer assets sit in a shared contract, the larger the target.
How a non-custodial swap differs structurally
A non-custodial, no-KYC swap routes your assets through rather than parking them in a shared pool. The distinction is structural, not a safety guarantee — every service has attack surface — but it changes who is exposed to what.
GhostSwap is a no-KYC crypto exchange: no account, no email, and no identity verification are required to swap. Funds pass through non-custodially — they are never held by GhostSwap. You supply a receiving address and, if needed, a refund address; the swap completes to that address directly.
| Feature | Non-custodial swap (GhostSwap) | Bridge / pooled custody |
|---|---|---|
| Where funds sit | Pass through; routed to your address | Pooled in a shared contract |
| Account / KYC | None required | Often account-gated |
| Trust surface | Routing + counterparty | Registry, denom mapping, pool logic |
| Who's exposed in a drain | In-transit only | All depositors in the pool |
GhostSwap supports 1,600+ pairs across BTC, ETH, XMR, SOL and altcoin networks, with floating-rate pricing drawn from liquidity aggregated across leading crypto markets. Median swap completion time is about 8 minutes, though it varies with chain congestion (the slower tail can run to ~30 minutes). The point isn't that pass-through swaps are immune to risk — it's that they don't ask you to leave your assets sitting in a pool that a forged token entry can drain.
How to swap without holding funds in a bridge pool
If you want to move between chains without leaving funds in a custodial bridge, a pass-through swap is the simpler exposure profile. The flow is short:
- Pick your pair — for example, swap BTC to XMR.
- Enter your receiving address — and a refund address.
- Send the deposit — the swap routes through and completes to your address.
You can start from the swap widget on the GhostSwap homepage with no account and no email. For a step-by-step primer, see how to buy crypto.
FAQ
Q: Was Gravity Bridge hacked through a smart-contract bug?
A: No. Per rekt.news, the loss came from a denom-string validation failure — a logic and configuration gap — not a flaw in the chains' cryptography. The attacker forged a token identifier the bridge trusted.
Q: How much was lost in the Gravity Bridge exploit?
A: An estimated $5.4 million as of June 4, 2026. Treat that as an early figure; on-chain forensics can revise loss estimates as analysis continues.
Q: Are my funds safer in a non-custodial swap?
A: A non-custodial swap routes funds through rather than pooling them, so depositors aren't all exposed to a single pool failure. That's a structural difference, not a guarantee — every service has attack surface.
Q: Do I need an account to use GhostSwap?
A: No. There's no account, no email, and no identity verification to swap. You supply a receiving address and an optional refund address; funds pass through non-custodially.
Swap without parking your funds in a pool
Bridge drains keep hitting pooled, custodial systems. If you'd rather not leave assets sitting in a shared contract, start a no-account swap from the GhostSwap homepage.