An attacker manipulated withdrawal proofs, leading to a theft of roughly $1.7 million, mirroring flaws seen in major bridge hacks this year. Quick action minimized the impact.
By Shaurya Malwa|Edited by Sheldon RebackUpdated Jun 22, 2026, 9:52 a.m. Published Jun 22, 2026, 9:23 a.m. 2 min readMake preferred on ShareShare this articleCopy linkX (Twitter)LinkedInFacebookEmailMake preferred on (Clint Patterson/Unsplash)SummaryShow- Taiko, an Ethereum layer-2 platform, has ceased block production and advised users to withdraw their funds following an exploit of its bridge that resulted in around $1.7 million being stolen.
- The attacker created fraudulent cross-chain proofs, allowing them to issue withdrawal requests on Ethereum without corresponding deposits on Taiko, leading to the draining of the bridge and its token vault before the team intervened.
- Although the financial loss is relatively minor, this exploit utilized a vulnerability similar to that behind over $340 million in bridge hacks this year, and Taiko will release a comprehensive report on the incident.
Taiko, an Ethereum layer-2 solution, has halted its block production and urged users to withdraw their assets after a bridge exploit was detected earlier on Monday.
Estimated losses from the incident are around $1.7 million, which was noted before the team intervened to stop further outflows. Meanwhile, the TAIKO token, valued at a total of $14.5 million, has experienced a decline of over 20% since the early hours of the day.
The attacker successfully forged the proofs used by the bridge to validate that a withdrawal corresponds to an actual deposit. This allowed fake withdrawal requests to be processed on Ethereum without any legitimate transaction on Taiko's network, enabling the theft of funds from both the bridge and the token vault, according to Taiko.
Bridges serve as blockchain tools that facilitate asset transfers between different networks, such as Taiko and Ethereum. Layer-2 solutions handle transactions off the main chain, then settle back to it, offering increased speed and lower costs than the primary system.
The attacker’s ability to create seemingly valid proofs suggests they may have accessed a compromised key.
According to security firm BlockSec, its preliminary investigation indicated that the vulnerability stemmed from a signing key for Raiko, which Taiko uses for generating proofs of transaction authenticity, that was inadvertently made publicly accessible on GitHub.
This key is intended to remain secure within dedicated hardware to maintain trust in the proofs. If compromised, attackers can register their own provers as legitimate and sign fraudulent proofs that the verifier of Taiko would accept, enabling them to fabricate a bridge withdrawal that releases actual assets on Ethereum.
.@taikoxyz was reportedly attacked, with losses exceeding $1.7M. Our initial investigation suggests the likely root cause was an exposed Raiko SGX enclave signing key on GitHub. Raiko is Taiko’s multi-prover stack for Taiko and Ethereum blocks, so an exposed Raiko SGX enclave key… https://t.co/8BIiEeNtYJ pic.twitter.com/eAq9Xjngz8
— BlockSec Phalcon (@Phalcon_xyz) June 22, 2026
In response, Taiko has advised all users to withdraw from every bridge on its network, requested centralized exchanges to halt deposits of the TAIKO token, and directed its block producers to stop creating new blocks while the investigation is underway.
By approximately 2 a.m. ET, Taiko confirmed that the exploit had been contained and that withdrawals through the primary bridge and token vault had been halted. The attacker had already transferred around 2 million TAIKO, worth about $170,000, to an account on the MEXC exchange.
While the monetary loss is relatively small, the exploit leveraged a vulnerability that has led to significant losses in the DeFi space this year.
Forged cross-chain messages previously drained $292 million from Kelp DAO's bridge in April and $11.4 million from the Verus-Ethereum bridge in May. In total, bridges have accounted for over $340 million in losses across at least 14 different exploits in 2026, making them a prime target in the crypto sector. Taiko managed to limit its losses primarily because the team acted swiftly to freeze the situation within hours.
Taiko, which launched on Ethereum in May 2024, is preparing a detailed report on the incident.