- Taiko urged users to withdraw funds after a bridge verification breach.
- Attackers drained about $1.7 million after exploiting fake bridge messages.
- Taiko halted block production and requested that exchanges pause deposits.
Taiko has warned users to pull funds from all bridges after a breach hit its chain-state verification system, breaking the trust model used by bridges across the network. The project also asked centralized exchanges to halt TAIKO deposits until further notice.
Blockaid first flagged the attack with early estimates putting losses above $1 million. Later on-chain analysis showed roughly $1.7 million in assets left the protocol.
Taiko Halts Block Production
Taiko confirmed that its chain-state verification mechanism had been compromised. The team said all bridges deployed on the network should be treated as unsafe until the issue is fixed.
The project is working with its Security Council and ecosystem partners to contain the damage and pause affected systems. It also said technical and legal action is under consideration.
All Taiko proposers have temporarily stopped producing new blocks while the investigation continues.
Fake Bridge Messages Triggered Unauthorized Releases
According to Blockaid and independent researchers, the exploit targeted Taiko’s ERC20 Vault on Ethereum. Attackers managed to make fake bridge messages appear valid on Ethereum despite there being no matching MessageSent events on the Taiko chain.
Security researcher Defi Nerd said the attack began with a setup transaction at 19:03:59 UTC on June 21 at Ethereum block 25367938. Asset releases took place between 22:07:23 UTC and 22:18:23 UTC across blocks 25368853 to 25368908.
The attacker reportedly registered new SGX verifier instances, saved a checkpoint, and then used that accepted state to pass forged messages through the bridge system. Ten message-processing calls followed, eventually allowing withdrawals from the ERC20 vault.
The stolen assets included 675,761.23 USDC, 138,139.56 USDT, 156,832.01 crvUSD, 130 ETH, 20.70 WETH, 0.42 WBTC, 0.53 weETH, 126,160.97 CRV, 2.14 million iZi tokens, and 1.99 million TAIKO.
Security researchers said the ERC20 vault itself was not the root problem. The issue came from the proof validation path that accepted forged messages.
Funds Start Moving to Exchanges
Lookonchain reported that the attacker has already transferred 1.99 million TAIKO, worth about $189,000, to MEXC. The wallet still holds 870.8 ETH valued at roughly $1.52 million.
The incident adds another major breach to a month that has already seen more than 20 crypto hacks. Despite the exploit, TAIKO briefly jumped 11.5% over the last 24 hours, rising from around $0.087 to $0.097 before giving back gains. The token trades near $0.0853 at press time.
Related: Humanity Protocol Exploit Drags Into 13th Hour as H Token Collapses 99.9%
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
