Ethereum-based rollup protocol Taiko has issued an urgent security notice confirming a compromise of its chain state verification mechanism. The team warned that the security assumptions of all bridges deployed on Taiko can no longer be relied upon and strongly advised users to withdraw their funds immediately.
Taiko issues emergency security notice, shares attacker addresses
In a two-part post on X, Taiko confirmed that its chain state verification mechanism had been compromised. The team stated that it is actively coordinating with the Security Council and ecosystem partners to contain the incident, pause affected systems where possible, and take all necessary technical and legal actions.
“We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately,” the team wrote.
In the second part of its announcement, Taiko urgently requested all centralized exchanges (CEXs) to suspend TAIKO deposits immediately and only re-enable them upon official notice from the project. The team also disclosed four attacker wallet addresses to help exchanges and security firms track and freeze the stolen funds:
- 0x7506DeA0c38ca0B55364B22424374c5A1ae1B76a
- 0x5fbc60a12bc6635e7d587d8dac52e4b1388b4990
- 0x3cc936b795a188f0e246cbb2d74c5bd190aecf18
- 0x9108828e30f2de407aadb0af677b4a9228e4acd4
PeckShield Estimates Losses at $1.7 Million
Blockchain security firm PeckShield flagged the incident on X, estimating total losses from the Taiko exploit at approximately $1.7 million. The figure is higher than Blockaid’s earlier estimate of over $1 million, which specifically pointed to losses from Taiko’s ERC20 Vault on Ethereum.
Blockaid’s preliminary analysis indicated that the vulnerability stemmed from a flaw in the source-signal proof verification mechanism of Taiko’s bridge, suggesting the attacker was able to forge or manipulate proof data to bypass the bridge’s validation checks and drain assets from the vault.
Block production halted as investigation continues
In a follow-up post, Taiko confirmed that all Taiko proposers have temporarily stopped producing new blocks while the team investigates and works to resolve the issue. This effectively means the network has come to a standstill as a containment measure, preventing any further transactions or potential exploitation while the breach is being assessed.
Earlier, blockchain security firm Blockaid flagged that Taiko’s ERC20 Vault on Ethereum had been attacked, with estimated losses exceeding $1 million. Preliminary analysis from Blockaid indicated that the vulnerability stemmed from a flaw in the source-signal proof verification mechanism of Taiko’s bridge.
This suggests the attacker was able to forge or manipulate proof data to bypass the bridge’s validation checks and drain assets from the vault.
Another bridge exploit adds to a brutal year for DeFi security
The Taiko incident adds to what has already been one of the worst years on record for cross-chain bridge exploits. Bridge vulnerabilities remain the most targeted attack surface in decentralized finance, with billions of dollars lost across protocols over the years.
In 2026 alone, notable bridge-related breaches have hit Gravity Bridge ($5.4 million), Axelar-Secret Network ($4.67 million), Alephium TokenBridge ($815,000), and Hyperbridge ($2.5 million), among others. The largest single exploit of the year targeted KelpDAO’s LayerZero-based bridge for approximately $292 million in April.
The Taiko team has stated that further updates will be provided as more information becomes available. Users with funds on any Taiko-deployed bridge are strongly advised to withdraw their assets immediately.
This is a developing story.
Also Read: Weekly Wrap: $122M Liquidated After FOMC Holds Rates, Morgan Stanley Enters ETH ETF Race
