TL;DR
- Taiko urged customers to withdraw from all bridges after a series state verification compromise enabled unauthorized bridge withdrawals.
- Attackers used cast withdrawal proofs or messages that had been accepted on Ethereum with out matching respectable exercise on Taiko, draining as much as $1.7 million.
- Taiko paused affected techniques, halted withdrawals and requested exchanges to droop TAIKO deposits whereas broader 2026 bridge losses already exceed $340 million throughout main reported exploits.
Taiko’s bridge emergency has turned a well-recognized cross-chain worry into a direct person warning, after attackers drained as much as $1.7 million via unauthorized withdrawals tied to its Ethereum bridge infrastructure. The Ethereum layer-2 undertaking urged customers to withdraw property from all bridges deployed on Taiko, saying a compromise in chain state verification meant bridge safety assumptions might now not be trusted. The unsettling lesson is that one proof-validation failure can threaten a whole bridge stack, even when absolutely the greenback loss stays modest by DeFi exploit requirements.
Safety Discover
We’ve got confirmed a compromise of Taiko’s chain state verification mechanism. Consequently, the safety assumptions of all bridges deployed on Taiko can now not be relied upon.
We’re actively coordinating with the Safety Council and ecosystem companions to…
— Taiko.eth 
(@taikoxyz) June 22, 2026
The exploit focused Taiko’s bridge and ERC20 vault on Ethereum by accepting cast withdrawal proofs that appeared legitimate with out matching respectable exercise on Taiko’s supply chain. Safety analyses described fraudulent bridge messages being registered and later retrieved, releasing actual property from the vault. Taiko paused affected techniques, halted withdrawals via the primary bridge and token vault, and requested centralized exchanges to droop TAIKO deposits whereas block producers stopped producing new blocks throughout the investigation. That makes containment the primary precedence, as a result of as soon as cast cross-chain messages cross verification, pace issues greater than cleanup messaging.
The basis trigger seems to be a flaw in Taiko bridge source-signal proof validation. Crafted message proofs had been accepted as legitimate on Ethereum L1 with out corresponding respectable MessageSent occasions on the Taiko supply chain.
This allowed the attacker to register and later…
— Blockaid (@blockaid_) June 21, 2026
Solid Proofs Expose Bridge Fragility Once more
Early safety evaluations pointed to a source-signal validation flaw, whereas one other investigation urged an uncovered Raiko SGX enclave signing key might have allowed attackers to enroll provers and signal fraudulent proofs. Taiko has not but printed its full incident report, so the ultimate root-cause wording nonetheless issues. Even so, the working sample is evident: faux withdrawal requests had been accepted on Ethereum with out corresponding deposits or messages on Taiko. In sensible phrases, the exploit attacked belief between chains, not a easy pockets mistake or remoted token contract bug.
The market influence arrived rapidly. Taiko estimated losses round $1.7 million earlier than containing outflows, whereas different trackers positioned stolen property between a minimum of $1 million and $1.7 million. The TAIKO token fell greater than 20% after the incident, and exploiter-linked funds included roughly 2 million TAIKO moved to MEXC plus wallets holding about $1.5 million, principally in ETH. The broader concern is bigger than Taiko. Bridges have already produced greater than $340 million in losses throughout a minimum of 14 exploits this 12 months, together with Kelp DAO and Verus-Ethereum incidents. For customers, Taiko’s warning is one other reminder that bridges stay DeFi’s weakest connective tissue throughout protocol operations at this time.
