Taiko, an Ethereum Layer 2 network, halted block production on Monday and told users to pull their funds from every bridge on the network after an attacker exploited its cross-chain bridge to steal roughly $1.7 million. The exploit was contained within hours, but the TAIKO token fell about 10% as centralized exchanges suspended deposits and on-chain liquidity dried up.
Why it matters
Security firm BlockSec said its initial investigation traces the likely root cause to a signing key for Raiko, Taiko's multi-prover system, being left publicly accessible on GitHub. The key is meant to stay sealed inside secure SGX hardware so that proofs submitted to Ethereum can be trusted; with it exposed, the attacker could enroll their own provers as legitimate and sign fraudulent withdrawal proofs that Taiko's verifier accepted. The attacker forged cross-chain messages so that fake withdrawal requests were honored on Ethereum without any matching deposit on Taiko, draining the bridge and its token vault before the team froze activity.
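The failure described above, a withdrawal honored on Ethereum with no matching deposit on Taiko, can be caught by a monitor that reconciles events from both chains independently of the proof system. The following is an added example, not code from Taiko, BlockSec or this article; the `Msg` fields and the two event lists are hypothetical stand-ins for indexed bridge events.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    msg_hash: str  # hypothetical unique ID of a cross-chain message
    token: str
    amount: int

def reconcile(l2_sent, l1_released):
    """Flag L1 releases that no L2 message backs.

    Uses only indexed chain events, not the proof system, so it still
    fires when a prover signing key has been compromised.
    """
    sent = {m.msg_hash: m for m in l2_sent}
    seen, alerts = set(), []
    unbacked = defaultdict(int)
    for m in l1_released:
        src = sent.get(m.msg_hash)
        if src is None:
            reason = "no matching L2 message"
        elif (src.token, src.amount) != (m.token, m.amount):
            reason = "token/amount differs from L2 message"
        elif m.msg_hash in seen:
            reason = "message released more than once"
        else:
            seen.add(m.msg_hash)  # first valid release of this message
            continue
        alerts.append((m.msg_hash, reason))
        unbacked[m.token] += m.amount  # whole release counted as suspect
    return alerts, dict(unbacked)

# Constructed sample events (not data from the incident).
L2_SENT = [Msg("0xa1", "ETH", 5), Msg("0xa2", "TAIKO", 1000)]
L1_RELEASED = [
    Msg("0xa1", "ETH", 5),       # backed by an L2 message
    Msg("0xa2", "TAIKO", 9000),  # amount inflated relative to L2
    Msg("0xff", "TAIKO", 2000),  # no L2 message at all
    Msg("0xa1", "ETH", 5),       # second release of the same message
]

if __name__ == "__main__":
    alerts, unbacked = reconcile(L2_SENT, L1_RELEASED)
    for msg_hash, reason in alerts:
        print(f"ALERT {msg_hash}: {reason}")
    print("unbacked outflow:", unbacked)
```

Any non-empty alert list is a reason to pause releases before the outflow grows.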
Market impact
The dollar loss is modest, but the failure mode is the same one that has made bridges the costliest target in crypto in 2026. Forged cross-chain messages drained $292 million from Kelp DAO's bridge in April and $11.4 million from the Verus-Ethereum bridge in May, and bridges have now produced more than $340 million in losses across at least 14 exploits this year. Taiko's damage stayed contained mainly because the team caught the outflow and stopped the bridge within hours; the exploiter had already moved about 2 million TAIKO, worth roughly $170,000, to an account on MEXC. A full incident report is expected in Asian morning hours Monday.
Frequently asked questions
- What happened in the Taiko bridge exploit?
  An attacker forged cross-chain withdrawal proofs to drain roughly $1.7M from Taiko's bridge and token vault. Taiko halted block production and contained the exploit within hours.
- How did the attacker forge valid withdrawal proofs?
  Security firm BlockSec said a signing key for Raiko, Taiko's multi-prover system, was left publicly accessible on GitHub. The exposed key let the attacker enroll their own provers as legitimate and sign fraudulent withdrawal proofs that Taiko's verifier accepted.
- How much did the TAIKO token drop after the exploit?
  The TAIKO token fell about 10% as centralized exchanges suspended deposits and on-chain liquidity thinned during the freeze.
- How does this compare to other bridge hacks in 2026?
  Bridges have produced more than $340M in losses across at least 14 exploits this year, including $292M drained from Kelp DAO in April and $11.4M from the Verus-Ethereum bridge in May. Taiko's $1.7M loss stayed small mainly because the team caught and froze the bridge within hours.
- When will Taiko publish a full incident report?
  Taiko said it will release a full breakdown of the incident in Asian morning hours Monday, covering the root cause, the timeline, and the remediation steps.
CoinDesk