Bridge Exploit Forces Emergency Response From Taiko, Users Told to Exit


In Brief

  • Taiko urged users to exit all bridges after a reported exploit.
  • The project halted block production and asked exchanges to pause TAIKO deposits.
  • Investigators believe a bridge proof validation flaw enabled the attack.

Taiko, a decentralized Ethereum-equivalent ZK-EVM and general-purpose ZK-Rollup, has warned users to withdraw funds from every bridge deployed on its network after confirming a compromise of its chain state verification mechanism. The incident followed a reported exploit of the project’s ERC20 Vault on Ethereum (ETH) that blockchain security firm Blockaid estimated had already exceeded $1 million in losses. As the investigation continues, Taiko has temporarily stopped block production and asked centralized exchanges to suspend TAIKO deposits.

Taiko Confirms Bridge Security Compromise

In an X post on June 22, blockchain security company Blockaid first reported an ongoing exploit affecting Taiko’s ERC20 Vault on Ethereum and estimated losses of more than $1 million. The firm published the affected contract, attacker address, and exploit transactions as it continued to monitor the incident.

According to Blockaid’s preliminary analysis, the exploit appears to stem from a flaw in Taiko’s bridge source-signal proof validation. The firm said crafted message proofs were accepted on Ethereum without corresponding legitimate MessageSent events on the Taiko source chain.

That allegedly allowed the attacker to register fraudulent bridge messages and later redeem them, which resulted in unauthorized releases of assets from the ERC20 vault.
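The failure mode described above can be watched for independently of the bridge's own proof check. The following is an added illustration, not code from Taiko or Blockaid: it reconciles messages processed on the destination chain against MessageSent events indexed from the source chain, and goes slightly beyond the reported case by also flagging replays and source events newer than a finalized block. The record layout, field names, reason codes and the SHA-256 stand-in hash are all assumptions.

```python
import hashlib
import json

def message_hash(msg):
    # Stand-in digest over canonical fields; production bridges hash the
    # ABI-encoded message with keccak256 (assumption: SHA-256 used here).
    blob = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def reconcile(source_events, dest_processed, finalized_source_block):
    """Flag destination-side messages with no legitimate source-chain event."""
    sent = {message_hash(e["message"]): e for e in source_events}
    seen, findings = set(), []
    for rec in dest_processed:
        h = message_hash(rec["message"])
        src = sent.get(h)
        if src is None:
            # Covers never-sent messages and altered fields (hash differs).
            findings.append((rec["tx"], "NO_SOURCE_EVENT"))
        elif src["block"] > finalized_source_block:
            findings.append((rec["tx"], "SOURCE_NOT_FINALIZED"))
        elif h in seen:
            findings.append((rec["tx"], "REPLAYED"))
        seen.add(h)
    return findings

def _msg(msg_id, to, token, amount):
    # Hypothetical message layout used only for this example.
    return {"id": msg_id, "to": to, "token": token, "amount": amount}

# Constructed sample data (not real chain records).
SOURCE_EVENTS = [
    {"block": 100, "message": _msg(1, "0xAAA", "USDC", 500)},
    {"block": 101, "message": _msg(2, "0xBBB", "USDC", 250)},
    {"block": 130, "message": _msg(3, "0xCCC", "WETH", 2)},
]
DEST_PROCESSED = [
    {"tx": "tx-1", "message": _msg(1, "0xAAA", "USDC", 500)},     # matches source
    {"tx": "tx-2", "message": _msg(2, "0xBBB", "USDC", 9000)},    # amount altered
    {"tx": "tx-3", "message": _msg(7, "0xDDD", "USDC", 100000)},  # never sent
    {"tx": "tx-4", "message": _msg(3, "0xCCC", "WETH", 2)},       # source too new
    {"tx": "tx-5", "message": _msg(1, "0xAAA", "USDC", 500)},     # second redemption
]

if __name__ == "__main__":
    for tx, reason in reconcile(SOURCE_EVENTS, DEST_PROCESSED, 120):
        print(tx, reason)
```

Any NO_SOURCE_EVENT finding means the destination accepted a proof for a message the source chain never emitted, which is the condition Blockaid describes.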

Reporting on the incident. Source: Blockaid/X

Shortly afterward, Taiko confirmed that its chain state verification mechanism had been compromised, and warned that the security assumptions behind every bridge deployed on the network could no longer be trusted.

The project said it is coordinating with its Security Council and ecosystem partners to contain the incident, pause affected systems where possible, and pursue both technical and legal responses.

Acknowledging the incident. Source: Taiko.eth/X

At press time on June 22, Taiko’s native token was priced at $0.074, down 11.3% on the day, 15.4% across the past week, and 30.6% over the month, according to the most recent chart information.

TAIKO price 24-hour chart. Source: CoinGecko

Users Told to Withdraw Funds as Block Production Stops

Taiko urged all users to immediately withdraw funds from every bridge deployed on the network while the issue remains unresolved.

The team also requested that centralized exchanges suspend TAIKO deposits until an official notice confirms the network is secure again. As part of its public update, Taiko released several attacker wallet addresses to help exchanges and ecosystem partners monitor suspicious activity.

Request to CEXs and attacker addresses. Source: Taiko.eth/X

In a separate announcement, the project said all Taiko proposers have temporarily stopped producing new blocks as engineers investigate and resolve the security issue.

Addressing the incident. Source: Taiko.eth/X

Meanwhile, Blockaid said the suspected vulnerability allowed fraudulent bridge messages to be accepted even though they lacked valid source-chain events, and pointed to a flaw in proof validation as opposed to the bridge contracts themselves. Taiko has not yet disclosed the total amount lost or provided a timeline for restoring bridge operations and resuming block production.
