Friday, June 12, 2026

Gravity Bridge Exploit Update: Additional $2.06M Laundered via Tornado Cash

Neon-lit cross-chain bridge breach with ETH and USDC trails funneling into a privacy vortex against a sleek bokeh backdrop

Gravity Bridge Exploit Update: Additional $2.06M Laundered via Tornado Cash

A wallet linked to the recent Gravity Bridge exploit reportedly moved another 1,180 ETH, worth about $2.06 million, into Tornado Cash, according to CertiK Alert monitoring. PANews also reported the same movement on June 5, citing CertiK Alert.

The update adds another step to the laundering trail that followed the reported $5.4 million Gravity Bridge exploit. According to the CertiK-cited report, 2,020 ETH out of the 2,600 ETH associated with the theft has now been deposited into Tornado Cash through two externally owned accounts, while the remaining funds were distributed to centralized exchanges.

The available public reports do not include, in the accessible text, a transaction hash or block-level timestamp for the latest Tornado Cash deposit. For that reason, the movement is best described as reported by monitoring feeds, rather than independently verified from primary on-chain data in this article.

From the Initial Drain to the Latest Tornado Cash Deposit

The Gravity Bridge incident was first flagged around May 30, when the cross-chain protocol was reported to have lost roughly $5.4 million. The project later acknowledged an incident on X, asking validators to halt validators and orchestrators while the matter was investigated. In a follow-up update, Gravity Bridge said the bridge had been halted as the investigation continued.

PeckShield’s alert listed the stolen assets as roughly $4.3 million in USDC, 274 ETH, $434,000 in USDT and 14.164 tokens labeled PAYG. Several secondary reports later described that small final tranche as PAXG, or PAX Gold.

That discrepancy matters because PAYG and PAXG are not interchangeable labels. Without the underlying token contract or a clearer primary source, the asset is better described as a small tranche labeled PAYG in PeckShield’s quoted alert, with some reports identifying it as PAXG, rather than treating PAXG as confirmed.

Earlier fund movement was attributed more concretely to PeckShield. The firm said part of the haul had already been routed through ChangeNow and Binance, while the attacker still held about 2,102 ETH, valued near $4.23 million at the time of that alert.

Tornado Cash Movement Narrows the Forensic Trail

The latest reported transfer changes the emphasis of the story. The issue is no longer only the initial drain from Gravity Bridge, but the continuing movement of funds through privacy infrastructure and exchange-linked routes.

Tornado Cash deposits complicate public tracing because funds enter pooled withdrawal mechanics rather than moving through a simple address-to-address path. In this case, the reported 1,180 ETH transfer should be treated as a new alleged laundering step in an ongoing forensic trail, not as final confirmation of where all remaining proceeds have gone.

The exchange portion also remains important. CertiK-cited reporting says the remainder of the 2,600 ETH was distributed to centralized exchanges, while PeckShield had previously named ChangeNow and Binance in earlier routing. That does not by itself confirm the final destination of the funds, but it does show that the attacker’s movement has been split between mixer deposits and exchange-linked paths.

What Remains Unclear

Several parts of the incident remain unresolved in public reporting. Gravity Bridge has acknowledged the incident and the bridge halt, but the project has not, in the public updates cited here, provided a full postmortem explaining the exact failure path. Security researchers have discussed possible authorization or signing-related weaknesses, but the safest framing is still to treat the root cause as under investigation unless the team publishes a detailed account.

The same caution applies to the asset-label discrepancy. PeckShield’s visible alert used PAYG, while some later reports converted that final tranche to PAXG. Until a contract address or primary clarification resolves the mismatch, the PAYG/PAXG label should remain qualified.

For now, the strongest defensible summary is that CertiK-cited monitoring reported a June 5 Tornado Cash deposit of 1,180 ETH, bringing the reported Tornado Cash total to 2,020 ETH out of 2,600 ETH tied to the exploit. PeckShield previously reported ChangeNow and Binance routing, Gravity Bridge confirmed the incident and halt, and the PAYG/PAXG label remains unresolved in public reporting.

Raydium Legacy Pools Drained of $1.3M; Treasury to Cover Losses

BPool contract exploited for 282 ETH, with no official postmortem yet

Ripple CTO Says Zcash Holders Are Safe, But the Bug That Could Have Created Fake ZEC for 4 Years Cannot Be Disproven

HTX-WLFI Dispute Exposes Freeze Risk in Token Markets

Zebra 4.5.3 and 5.0.0 activate emergency soft fork and NU6.2 upgrade on Zcash network

TesseraDAO Loses $2.5M in BNB Chain Unauthorized Mint Exploit

Bithumb CEO Booked in South Korean Bribery Probe

Japan Moves to Regulate Crypto Like Stocks in Market Growth Push

On-Chain Data Shows Bitmine Purchased 25,000 ETH in Latest BitGo Transfer

Raydium Legacy Pools Drained of $1.3M; Treasury to Cover Losses

The DeFi Moment for Prediction Markets

Scroll to Top
Chain Report
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.