Taiko urges withdrawals after bridge exploit drains $1.7M
Taiko told users to withdraw funds after a bridge exploit that drained about $1.7 million and paused affected bridges while it investigates a chain state verification failure.
Taiko, an Ethereum layer-2 network, urged users to withdraw assets after an exploit on a bridge protocol drained roughly $1.7 million. The project posted on X early Monday saying it had paused affected systems and was coordinating with partners to contain the incident.
Taiko posted: “We have confirmed a compromise of Taiko’s chain state verification mechanism. As a result, the security assumptions of all bridges deployed on Taiko can no longer be relied upon. We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately.”
Security firm Blockaid identified the likely root cause as a flaw in how the Taiko bridge validated source signals. Blockaid reported that message proofs were accepted as valid on Ethereum without matching legitimate proofs on the Taiko chain. That mismatch allowed an attacker to register and later retrieve forged bridge messages, which triggered unauthorized releases from an ERC-20 vault.
Estimates of the total loss vary. Blockaid put the stolen amount at at least $1 million. Blockchain trackers suggested the value could be as high as $1.7 million. Blockchain intelligence data shows exploiter wallets holding about $1.5 million, primarily in ether. PeckShield reported the attacker moved 1.99 million TAIKO tokens, worth about $189,000, to the MEXC exchange. TAIKO token prices have fallen sharply from their 2024 peak.
Taiko said it has paused the bridges it identified as affected and that outside security teams are analyzing on-chain activity to trace stolen funds and determine how the verification failure occurred. The project did not provide a timeline for a full forensic report or for restoring bridge services.
The incident adds to a series of decentralized finance breaches in June. Security trackers list at least 23 protocol-level exploits this month, including large losses at the Humanity Protocol and the Syscoin Bridge. Other recent incidents include a $4.67 million exploit on Secret Network and a $1.1 million drain from a PancakeSwap liquidity pool.
Bridges move tokens between blockchains by passing signed messages or proofs that assets were locked or burned on the source chain before release on the destination chain. When verification logic accepts forged or mismatched proofs, attackers can create messages on one chain that are incorrectly accepted on the other, enabling unauthorized token releases.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
