Key Highlights
- Taiko lost around $1.7 million in a bridge exploit on June 22, 2026.
- Fake L2 attestations allowed malicious bridge withdrawals to pass verification.
- Taiko paused bridge operations and ERC20Vault contracts to contain the breach.
Taiko, an Ethereum Layer-2 network, suffered a security breach today, resulting in approximately $1.7 million being drained from its L1 Bridge and ERC20Vault contracts.
According to an analysis shared by cybersecurity firm Quill Audits via X, the exploit stemmed from a critical operational error: an RSA-3072 private key used for Intel SGX enclave signing was publicly committed to the project’s open-source GitHub repository (taikoxyz/raiko).
How did the attack unfold?
The attacker leveraged the leaked enclave-key.pem file to forge SGX prover registrations and create fake L2 state attestations. Because Taiko’s L1 contracts trusted any enclave matching the stored MrSigner value (derived from the public key), the maliciously signed enclave was accepted as legitimate. This allowed the attacker to submit forged bridge messages that passed verification.
The attack unfolded in two phases. First, forged attestations enabled processMessage() calls to set withdrawal statuses to RETRIABLE. Then, retryMessage() executed with minimal additional checks, releasing funds from the bridge and token vault on the Ethereum mainnet.
Security researchers noted that no private keys were stolen in real-time and no social engineering was involved; the vulnerability originated purely from the exposed signing key.
Affected contracts include the Bridge at 0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC and the ERC20Vault at 0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab. Major drain transactions were quickly identified, with attacker addresses linked to the transfers.
The Crypto Times team tried to reach out to Taiko for comment on the Quill Audits analysis, but the team hasn’t responded yet.
Taiko team urges bridge withdrawals
Taiko responded swiftly through its Security Council by pausing both the Bridge and ERC20Vault and urged users to withdraw their funds. Block production was also temporarily stopped by proposers to contain the incident.
The team confirmed the exploit is fully contained, pending transactions are paused (not lost), and users should avoid attempting to bridge assets until further notice.
This incident highlights persistent risks in bridge security, particularly around proof verification systems and key management practices in complex multi-prover setups. While SGX provides hardware-based attestation, improper handling of signing keys can undermine the entire trust model. Taiko said it is preparing a detailed post-mortem and coordinating with partners, including potential legal actions.
$TAIKO token falls after exploit
The $TAIKO token reacted negatively to the news, dropping around 10% to $0.07294 in the hours following the disclosure, according to CoinMarketCap. Some stolen funds, including roughly 2 million TAIKO tokens, were reportedly sent to the MEXC exchange, prompting requests to suspend deposits.
Despite the loss, the project’s quick containment limited damage compared to larger bridge hacks seen this year, including Kelp DAO ($292M), Gravity ($5.4M), Alephium ($815,000), and others.
The incident serves as a reminder for projects relying on trusted execution environments and open-source infrastructure to implement rigorous secret management, such as proper .gitignore rules and secret scanning tools. Taiko users are advised to monitor official channels for updates on bridge resumption and any compensation or recovery plans.
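One concrete form of the secret-scanning control the paragraph above recommends, as an added example (not Taiko's or the raiko project's code): a Python pre-commit hook that refuses a commit when a staged file carries a PEM private-key header or a key-like extension. The git invocation and the hook path are assumptions; find_private_keys() works on any text without git.

```python
import re
import subprocess
import sys

# PEM armour headers for the common private-key encodings (public keys do not match).
PEM_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")
# Extensions that usually hold key material; flagged regardless of content.
KEY_EXTENSIONS = (".pem", ".key", ".p12", ".pfx")


def find_private_keys(path: str, content: str) -> list:
    """Return (path, line_no, reason) findings for one file; [] when clean."""
    findings = []
    if path.lower().endswith(KEY_EXTENSIONS):
        findings.append((path, 0, "key-like file extension"))
    for line_no, line in enumerate(content.splitlines(), start=1):
        if PEM_KEY_RE.search(line):
            findings.append((path, line_no, "PEM private key header"))
    return findings


def staged_files() -> list:
    """Paths added or modified in the git index (assumes git on PATH)."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=AM"],
        capture_output=True, text=True, check=True,
    ).stdout
    return [p for p in out.splitlines() if p]


def scan_staged() -> list:
    """Scan every staged file; undecodable bytes are replaced, not skipped."""
    findings = []
    for path in staged_files():
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings.extend(find_private_keys(path, fh.read()))
        except OSError:  # deleted or unreadable path, nothing to scan
            continue
    return findings


if __name__ == "__main__":
    # Installed as .git/hooks/pre-commit (assumed path); a non-zero exit aborts the commit.
    hits = scan_staged()
    for path, line_no, reason in hits:
        print(f"BLOCKED {path}:{line_no}: {reason}", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

A server-side check on push (or a hosted secret-scanning service) is the second layer, since a local hook can be bypassed with --no-verify.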
The project’s reputation for innovation in ZK technology may help it recover, but rebuilding full confidence in its bridge infrastructure will require transparent communication and demonstrated security improvements in the coming weeks.