Audit log
Every state-changing event for Taiko Ethereum L2 Bridge Exploit: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.
- #1 publish by system:backfill, 2026-06-23 23:03:44Z. Score: ? → ? (no score change). Anchor: anchored
- chain: mainnet-beta, slot 428,470,297
- sig: 4gYZ9wsyPqUy…A61MHTpv
- hash: 8yHQj4Suzb8o…mDw31VvQ (sha256 → base58)
- canonical bytes (19101 B):
{"actor":"system:backfill","investigation_id":"7c829a4d-1a89-4901-91bb-62f3cff14f24","kind":"publish","page_slug":"taiko-ethereum-l2-bridge-exploit","published_at":"2026-06-23T23:03:44.514Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Taiko Ethereum L2 Bridge Exploit","sections":[{"content":"On June 22, 2026, Taiko — an Ethereum-equivalent layer-2 rollup operated by Taiko Labs — suffered a bridge exploit resulting in an estimated $1.7 million in losses. The attack targeted the L1 Bridge contract (0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC) and the ERC20Vault contract (0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab) deployed on Ethereum mainnet. The incident forced Taiko to halt block production entirely and issue an urgent warning for all users to withdraw funds from every bridge deployed on the chain. The TAIKO token declined approximately 10–20% following the announcement, briefly reaching an all-time low; the $1.7 million loss represented roughly 11.7% of TAIKO's approximately $14.5 million market capitalization at the time.","heading":"Incident Overview","severity":"critical","sources":[{"credibility":1,"name":"Taiko halts its Ethereum layer-2 network after a bridge exploit, token dives — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/22/taiko-halts-its-ethereum-layer-2-network-after-a-bridge-exploit-token-dives-10"},{"credibility":1,"name":"Ethereum Layer 2 Taiko halts block production following exploit — The Block","type":"news_article","url":"https://www.theblock.co/post/405486/taiko-confirms-exploit"},{"credibility":2,"name":"$1.7M Gone: Taiko Bridge Exploited After SGX Signing Key Leak — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/22/1-7m-gone-taiko-bridge-exploited-after-sgx-signing-key-leak/"}]},{"content":"Security researchers, including analysts at BlockSec, identified the root cause as an Intel SGX RSA-3072 private signing key (enclave-key.pem) that was publicly 
committed to the taikoxyz/raiko open-source GitHub repository. Raiko is the multi-prover stack underlying Taiko's chain state verification system. This key was intended to remain sealed inside secure hardware (a Trusted Execution Environment) to restrict proof generation to authorized participants only; instead, it was accessible to anyone with a GitHub account. The exposure constituted a critical operational security failure: the entire trust model of the SGX-attested prover system depended on the secrecy of this credential.","heading":"Root Cause: Exposed SGX Signing Key","severity":"critical","sources":[{"credibility":2,"name":"Taiko Bridge Exploit: How a Leaked Key Drained $1.7M from an Ethereum L2 — Thirdweb Blog","type":"research","url":"https://blog.thirdweb.com/taiko-bridge-exploit-explained-how-a-leaked-key-led-to-1-7m-in-forged-withdrawals/"},{"credibility":2,"name":"Taiko Bridge Exploit June 2026: $1.7M SGX Key Leak Explained — SpotedCrypto","type":"news_article","url":"https://www.spotedcrypto.com/taiko-bridge-exploit-june-2026/"},{"credibility":2,"name":"Ethereum L2 Bridge Exploit Drains $1.7M: Leaked SGX Key Defeats Taiko Trust Model — TechTimes","type":"news_article","url":"https://www.techtimes.com/articles/318886/20260623/ethereum-l2-bridge-exploit-drains-17m-leaked-sgx-key-defeats-taiko-trust-model.htm"}]},{"content":"Using the leaked enclave-key.pem, the attacker executed a two-phase attack. In the first phase, the attacker registered themselves as a legitimate prover on Taiko's on-chain verifier by forging SGX enclave attestations — the verifier had no way to distinguish these from genuine attestations because the key material was identical to what an authorized prover would use. The attacker then signed fraudulent L2 state attestations and called processMessage() on the bridge contract, setting withdrawal statuses to RETRIABLE for messages that had no corresponding MessageSent events on Taiko's source chain. 
In the second phase, the attacker called retryMessage(), which executed with minimal validation checks and released Ethereum mainnet funds from the bridge and ERC-20 vault against the forged proofs. The bridge contracts lacked a mechanism to confirm that deposits had actually occurred on L2 before releasing L1 funds. Prior to the freeze, the attacker moved approximately 2 million TAIKO tokens (approximately $170,000) to a MEXC exchange account.","heading":"Attack Mechanics","severity":"critical","sources":[{"credibility":2,"name":"Taiko Bridge Exploit: How a Leaked Key Drained $1.7M from an Ethereum L2 — Thirdweb Blog","type":"research","url":"https://blog.thirdweb.com/taiko-bridge-exploit-explained-how-a-leaked-key-led-to-1-7m-in-forged-withdrawals/"},{"credibility":2,"name":"$1.7M Gone: Taiko Bridge Exploited After SGX Signing Key Leak — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/22/1-7m-gone-taiko-bridge-exploited-after-sgx-signing-key-leak/"},{"credibility":2,"name":"Taiko Bridge Exploit June 2026: $1.7M SGX Key Leak Explained — SpotedCrypto","type":"news_article","url":"https://www.spotedcrypto.com/taiko-bridge-exploit-june-2026/"}]},{"content":"Blockaid's automated exploit detection system identified the attack in real time. The window between the attack beginning and containment was approximately eight minutes: the activity was detected and frozen between roughly 2:00 a.m. and 2:08 a.m. ET on June 22, 2026. Taiko's response included halting all block production, freezing L1 Bridge and ERC-20 Vault withdrawals, publicly urging all users to withdraw funds from all bridges deployed on the chain, requesting that exchanges suspend TAIKO token deposits, activating the project's Security Council multisig governance body, and committing to publish a full incident post-mortem. 
Taiko Labs stated it was coordinating with exchanges and security partners to track and freeze attacker assets, and indicated it would pursue both technical and legal action.","heading":"Detection and Immediate Response","severity":"high","sources":[{"credibility":1,"name":"Taiko halts its Ethereum layer-2 network after a bridge exploit, token dives — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/22/taiko-halts-its-ethereum-layer-2-network-after-a-bridge-exploit-token-dives-10"},{"credibility":2,"name":"Taiko Halts Blocks After $1.7M Exploit, Urges Users to Exit Bridges — BanklessTimes","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/06/22/taiko-halts-blocks-after-1-7m-exploit-urges-users-to-exit-bridges/"},{"credibility":2,"name":"Taiko Loses $1.7M In Bridge Exploit, Suspends Block Production And Freezes Withdrawals — Metaverse Post","type":"news_article","url":"https://mpost.io/taiko-loses-1-7m-in-bridge-exploit-suspends-block-production-and-freezes-withdrawals/"}]},{"content":"Two Ethereum mainnet contracts were drained in the exploit. The Bridge contract at 0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC and the ERC20Vault contract at 0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab were both targeted. These addresses have been reported by CryptoTimes as the affected smart contracts; they have not yet been confirmed in an official Taiko post-mortem as of the date of this investigation. 
Remaining bridge funds were reported by the team as secure following the freeze.","heading":"Affected Contracts","severity":"high","sources":[{"credibility":2,"name":"$1.7M Gone: Taiko Bridge Exploited After SGX Signing Key Leak — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/22/1-7m-gone-taiko-bridge-exploited-after-sgx-signing-key-leak/"}]},{"content":"On June 22, 2026 at 17:09 UTC, Taiko developers opened recovery pull request #21820 — titled 'feat(protocol): port hack recovery hooks to v3' — against the v3.0.0 protocol branch of the taikoxyz/taiko-mono repository. The PR comprises 7 commits, 15 changed files, 485 additions, and 269 deletions, and bundles four structural fixes: (1) checkpoint versioning to invalidate all stored checkpoints and force re-derivation from a clean state; (2) an Inbox state reset that restores core chain state to a point before the attack; (3) bridge-message invalidation to void the fraudulent messages created during the exploit; and (4) QuotaManager restoration with per-window transfer limits (reportedly approximately $200,000 per 15-minute window) to cap potential future losses. As of the date of this investigation, PR #21820 remained open and unmerged. 
Bridge reopening is contingent on merging the fix, a post-merge security review, and Security Council multisig approval.","heading":"Recovery Plan: PR #21820","severity":"high","sources":[{"credibility":2,"name":"Taiko Bridge Exploit June 2026: $1.7M SGX Key Leak Explained — SpotedCrypto","type":"news_article","url":"https://www.spotedcrypto.com/taiko-bridge-exploit-june-2026/"},{"credibility":2,"name":"Taiko Bridge Exploit: Why L2 Withdrawal UX Is Becoming a DeFi Safety Test — CryptoDaily","type":"news_article","url":"https://cryptodaily.co.uk/2026/06/taiko-bridge-exploit-l2-withdrawal-ux-defi-safety-test"}]},{"content":"The TAIKO token declined approximately 10–20% intraday following public disclosure of the exploit on June 22, 2026, with one report noting a price of $0.07294 at the low — an all-time low for the asset. With a market capitalization of approximately $14.5 million at the time, the $1.7 million loss represented roughly 11.7% of total market cap, an outsized impact relative to larger protocols. 
Some reports noted that approximately 2 million TAIKO tokens (approximately $170,000) were moved by the alleged attacker to a MEXC exchange account before the freeze, though recovery of those funds had not been publicly confirmed as of this investigation.","heading":"Market and Token Impact","severity":"high","sources":[{"credibility":1,"name":"Taiko halts its Ethereum layer-2 network after a bridge exploit, token dives — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/22/taiko-halts-its-ethereum-layer-2-network-after-a-bridge-exploit-token-dives-10"},{"credibility":2,"name":"TAIKO hits all-time low as Taiko bridge exploit drains $1.7M — Invezz","type":"news_article","url":"https://invezz.com/news/2026/06/22/taiko-hits-all-time-low-as-taiko-bridge-exploit-drains-1-7m/"},{"credibility":2,"name":"Taiko urges users to withdraw as bridge exploit drains $1.7M — CoinTelegraph via TradingView","type":"news_article","url":"https://www.tradingview.com/news/cointelegraph:8a1c1fe03094b:0-taiko-urges-users-to-withdraw-as-bridge-exploit-drains-1-7m/"}]},{"content":"The Taiko exploit belongs to a pattern of cross-chain bridge attacks that have accelerated in 2026. Analysts have reported that bridges have produced more than $340 million in losses across at least 14 exploits in 2026 as of the date of this incident, making bridges the single costliest attack surface in the crypto ecosystem. The underlying vulnerability class — forged cross-chain proof submission — is consistent with earlier major bridge exploits. The Taiko incident is notable for its use of a leaked Trusted Execution Environment key as the attack vector, which undermines the security guarantees of SGX-based proving systems if credential hygiene is not enforced at the operational level. 
Commentary from security researchers has highlighted that the damage was contained primarily because the team detected and froze activity within minutes, rather than because of any on-chain circuit breaker active at the time of the attack.","heading":"Broader Context: Bridge Security in 2026","severity":"medium","sources":[{"credibility":2,"name":"Taiko Bridge Exploit: Why L2 Withdrawal UX Is Becoming a DeFi Safety Test — CryptoDaily","type":"news_article","url":"https://cryptodaily.co.uk/2026/06/taiko-bridge-exploit-l2-withdrawal-ux-defi-safety-test"},{"credibility":2,"name":"Taiko Bridge Exploit: How a Leaked Key Drained $1.7M from an Ethereum L2 — Thirdweb Blog","type":"research","url":"https://blog.thirdweb.com/taiko-bridge-exploit-explained-how-a-leaked-key-led-to-1-7m-in-forged-withdrawals/"}]}],"sources_used":[{"credibility":1,"name":"Taiko halts its Ethereum layer-2 network after a bridge exploit, token dives — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/22/taiko-halts-its-ethereum-layer-2-network-after-a-bridge-exploit-token-dives-10"},{"credibility":1,"name":"Ethereum Layer 2 Taiko halts block production following exploit — The Block","type":"news_article","url":"https://www.theblock.co/post/405486/taiko-confirms-exploit"},{"credibility":2,"name":"Taiko urges users to withdraw as bridge exploit drains $1.7M — CoinTelegraph via TradingView","type":"news_article","url":"https://www.tradingview.com/news/cointelegraph:8a1c1fe03094b:0-taiko-urges-users-to-withdraw-as-bridge-exploit-drains-1-7m/"},{"credibility":2,"name":"$1.7M Gone: Taiko Bridge Exploited After SGX Signing Key Leak — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/22/1-7m-gone-taiko-bridge-exploited-after-sgx-signing-key-leak/"},{"credibility":2,"name":"Taiko Bridge Exploit: How a Leaked Key Drained $1.7M from an Ethereum L2 — Thirdweb 
Blog","type":"research","url":"https://blog.thirdweb.com/taiko-bridge-exploit-explained-how-a-leaked-key-led-to-1-7m-in-forged-withdrawals/"},{"credibility":2,"name":"Taiko Bridge Exploit June 2026: $1.7M SGX Key Leak Explained — SpotedCrypto","type":"news_article","url":"https://www.spotedcrypto.com/taiko-bridge-exploit-june-2026/"},{"credibility":2,"name":"Ethereum L2 Bridge Exploit Drains $1.7M: Leaked SGX Key Defeats Taiko Trust Model — TechTimes","type":"news_article","url":"https://www.techtimes.com/articles/318886/20260623/ethereum-l2-bridge-exploit-drains-17m-leaked-sgx-key-defeats-taiko-trust-model.htm"},{"credibility":2,"name":"Taiko Halts Blocks After $1.7M Exploit, Urges Users to Exit Bridges — BanklessTimes","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/06/22/taiko-halts-blocks-after-1-7m-exploit-urges-users-to-exit-bridges/"},{"credibility":2,"name":"TAIKO hits all-time low as Taiko bridge exploit drains $1.7M — Invezz","type":"news_article","url":"https://invezz.com/news/2026/06/22/taiko-hits-all-time-low-as-taiko-bridge-exploit-drains-1-7m/"},{"credibility":2,"name":"Taiko Bridge Exploit: Why L2 Withdrawal UX Is Becoming a DeFi Safety Test — CryptoDaily","type":"news_article","url":"https://cryptodaily.co.uk/2026/06/taiko-bridge-exploit-l2-withdrawal-ux-defi-safety-test"},{"credibility":2,"name":"Taiko Loses $1.7M In Bridge Exploit, Suspends Block Production And Freezes Withdrawals — Metaverse Post","type":"news_article","url":"https://mpost.io/taiko-loses-1-7m-in-bridge-exploit-suspends-block-production-and-freezes-withdrawals/"},{"credibility":2,"name":"Taiko Issues Urgent Warning After Bridge Security Breach — CoinPedia","type":"news_article","url":"https://coinpedia.org/news/crypto-news-today-taiko-issues-urgent-warning-after-bridge-security-breach/"},{"credibility":2,"name":"Taiko Confirms Security Breach and Urges Users to Withdraw Funds — 
CoinPaper","type":"news_article","url":"https://coinpaper.com/32148/taiko-confirms-security-breach-and-urges-users-to-withdraw-funds"},{"credibility":2,"name":"Taiko Hack Forces Bridge Withdrawal Warning Amid $1.7M Incident — Bitcoin Foundation News","type":"news_article","url":"https://bitcoinfoundation.org/news/blockchain-news/ethereum-l2-taiko-hack-forces-bridge-warning-amid-1-7m-exploit/"},{"credibility":2,"name":"Taiko Rollup Confirms Bridge Exploit After Chain State Verification Compromise — CryptoWisser","type":"news_article","url":"https://www.cryptowisser.com/news/taiko-rollup-confirms-bridge-exploit-after-chain-state-verification-compromise"}],"summary":"On June 22, 2026, an attacker drained approximately $1.7 million from the Taiko Ethereum layer-2 bridge and ERC-20 vault by exploiting a leaked Intel SGX RSA-3072 signing key that had been publicly committed to the taikoxyz/raiko GitHub repository. The attacker used the key to register as a legitimate prover, forge L2 state attestations, and submit withdrawal requests on Ethereum with no matching deposits on Taiko, causing the bridge contracts to release funds against fraudulent proofs. Taiko halted block production and froze bridge withdrawals within approximately eight minutes of the attack being detected by Blockaid's monitoring system.","timeline":[{"date":"2026-06-22","event":"Attack begins: attacker uses leaked SGX RSA-3072 signing key from taikoxyz/raiko GitHub repository to register as a legitimate prover and begin submitting forged withdrawal proofs. Approximately $1.7 million drained from L1 Bridge and ERC20Vault contracts.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/06/22/taiko-halts-its-ethereum-layer-2-network-after-a-bridge-exploit-token-dives-10"},{"date":"2026-06-22","event":"Blockaid's automated monitoring system detects the exploit in real time. Taiko halts block production and freezes L1 Bridge and ERC20Vault withdrawals by approximately 2:08 a.m. 
ET — roughly eight minutes after the attack began.","source":"SpotedCrypto","source_url":"https://www.spotedcrypto.com/taiko-bridge-exploit-june-2026/"},{"date":"2026-06-22","event":"Taiko publicly urges all users to withdraw funds from all bridges deployed on the chain, requests exchanges suspend TAIKO deposits, and activates the Security Council multisig governance body.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/06/22/taiko-halts-its-ethereum-layer-2-network-after-a-bridge-exploit-token-dives-10"},{"date":"2026-06-22","event":"Alleged attacker moves approximately 2 million TAIKO tokens (approximately $170,000) to a MEXC exchange account before the full freeze takes effect.","source":"Thirdweb Blog","source_url":"https://blog.thirdweb.com/taiko-bridge-exploit-explained-how-a-leaked-key-led-to-1-7m-in-forged-withdrawals/"},{"date":"2026-06-22","event":"TAIKO token price falls approximately 10–20% intraday, reaching an alleged all-time low of approximately $0.07294.","source":"Invezz","source_url":"https://invezz.com/news/2026/06/22/taiko-hits-all-time-low-as-taiko-bridge-exploit-drains-1-7m/"},{"date":"2026-06-22","event":"Recovery pull request #21820 ('feat(protocol): port hack recovery hooks to v3') opened at 17:09 UTC against the v3.0.0 protocol branch with four structural fixes: checkpoint versioning, Inbox state reset, bridge-message invalidation, and QuotaManager restoration.","source":"SpotedCrypto","source_url":"https://www.spotedcrypto.com/taiko-bridge-exploit-june-2026/"},{"date":"2026-06-22","event":"Taiko identifies root cause and confirms fix implementation is underway. Team commits to publishing a full incident post-mortem. 
PR #21820 remains open and unmerged; bridge reopening pending merge, post-merge security review, and Security Council multisig approval.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/22/1-7m-gone-taiko-bridge-exploited-after-sgx-signing-key-leak/"}]},"v":1}
Verify offline (run on your own machine):
python -m src.verify_decision 3d23f261-9e00-4dd9-b14d-e40b472725b5
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine —
python -m src.verify_decision <event_id>.
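The row-integrity and anchor comparisons described above, as an added example; it is not avoid.net's verifier code. The function names, the sorted-key compact JSON canonicalization, the Bitcoin/Solana base58 alphabet and the sample row are assumptions or constructed values, not taken from the site.

```python
import hashlib
import json
from typing import Optional

# Assumption: the page only says "sha256 → base58"; this is the Bitcoin/Solana alphabet.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed sample row (not the real audit record).
SAMPLE_ROW = {"v": 1, "kind": "publish", "actor": "system:backfill", "sequence_num": 1}


def canonicalize(row: dict) -> bytes:
    """Assumed canonical form: sorted keys, no whitespace, raw UTF-8."""
    text = json.dumps(row, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return text.encode("utf-8")


def b58encode(data: bytes) -> str:
    """Base58-encode bytes, emitting one '1' per leading zero byte."""
    n = int.from_bytes(data, "big")
    out = ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def row_hash(canonical: bytes) -> str:
    """SHA-256 over the exact canonical bytes, rendered as base58."""
    return b58encode(hashlib.sha256(canonical).digest())


def verify_row(canonical: bytes, stored_hash: str,
               memo_hash: Optional[str] = None) -> dict:
    """Recompute the hash locally and compare it with each witness.

    stored_hash: the hash served alongside the row.
    memo_hash:   the hash read from the on-chain memo, if it was fetched.
    """
    computed = row_hash(canonical)
    result = {"computed": computed, "row_integrity": computed == stored_hash}
    if memo_hash is not None:
        result["anchor_match"] = computed == memo_hash
    return result


def demo() -> dict:
    """Intact row, edited row, and a row whose served hash was swapped as well."""
    original = canonicalize(SAMPLE_ROW)
    anchored = row_hash(original)  # stands in for the value in the memo
    edited = original.replace(b'"sequence_num":1', b'"sequence_num":2')
    return {
        "intact": verify_row(original, anchored, anchored),
        "edited_bytes": verify_row(edited, anchored, anchored),
        "edited_bytes_and_hash": verify_row(edited, row_hash(edited), anchored),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The third case passes the row-integrity comparison and fails only against the memo value, which is the difference the "full verify" step adds.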