
Taiko Ethereum L2 Bridge Exploit

avoid.net/taiko-ethereum-l2-bridge-exploit · 15/100 · 82% conf.
[AI-DRAFTED · AWAITING VERIFICATION]
anchored·4gYZ9w…HTpv

Summary

On June 22, 2026, an attacker drained approximately $1.7 million from the Taiko Ethereum layer-2 bridge and ERC-20 vault by exploiting a leaked Intel SGX RSA-3072 signing key that had been publicly committed to the taikoxyz/raiko GitHub repository. The attacker used the key to register as a legitimate prover, forge L2 state attestations, and submit withdrawal requests on Ethereum with no matching deposits on Taiko, causing the bridge contracts to release funds against fraudulent proofs. Taiko halted block production and froze bridge withdrawals within approximately eight minutes of the attack being detected by Blockaid's monitoring system.


Timeline (7 events)

2026-06-22

Attack begins: attacker uses leaked SGX RSA-3072 signing key from taikoxyz/raiko GitHub repository to register as a legitimate prover and begin submitting forged withdrawal proofs. Approximately $1.7 million drained from L1 Bridge and ERC20Vault contracts.

CoinDesk

2026-06-22

Blockaid's automated monitoring system detects the exploit in real time. Taiko halts block production and freezes L1 Bridge and ERC20Vault withdrawals by approximately 2:08 a.m. ET — roughly eight minutes after the attack began.

SpotedCrypto

2026-06-22

Taiko publicly urges all users to withdraw funds from all bridges deployed on the chain, requests exchanges suspend TAIKO deposits, and activates the Security Council multisig governance body.

CoinDesk

2026-06-22

Alleged attacker moves approximately 2 million TAIKO tokens (approximately $170,000) to a MEXC exchange account before the full freeze takes effect.

Thirdweb Blog

2026-06-22

TAIKO token price falls approximately 10–20% intraday, reaching an alleged all-time low of approximately $0.07294.

Invezz

2026-06-22

Recovery pull request #21820 ('feat(protocol): port hack recovery hooks to v3') opened at 17:09 UTC against the v3.0.0 protocol branch with four structural fixes: checkpoint versioning, Inbox state reset, bridge-message invalidation, and QuotaManager restoration.

SpotedCrypto

2026-06-22

Taiko identifies root cause and confirms fix implementation is underway. Team commits to publishing a full incident post-mortem. PR #21820 remains open and unmerged; bridge reopening pending merge, post-merge security review, and Security Council multisig approval.

CryptoTimes

Provenance & Audit Trail

Decision Log

This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

model: claude-sonnet-4-6

generated: 6/23/2026, 11:03:33 PM

last updated: 6/23/2026, 11:03:44 PM

avoid.net — verified advice for a post-truth world