Key Takeaways
- On June 22, hackers exploited a flaw in Taiko’s bridge proof validation to drain a total of $1.7 million.
- The TAIKO token faced massive market volatility, briefly spiking before sliding by over 10%.
- Taiko successfully contained the incident and maintains a request for CEXs to freeze deposits for now.
Technical Flaw Leads to $1.7 Million Loss
Ethereum scaling solution Taiko confirmed June 22 that its chain state verification mechanism had been compromised. As a consequence, the “security assumptions” of all bridges deployed on the platform can no longer be relied upon, Taiko said in a statement.
On Coingecko, the platform token initially appeared to surge on the news, rising from $0.0842 to nearly $0.097 before sliding to $0.075 cents, a drop of approximately 10%. However, according to one social media user, Vietnam Penguin, the token went as high as $0.0133 —an approximately 100% jump—before it began descending.
In a post on X, Taiko said it was working with partners to contain the fallout and identify the culprits.
“We are actively coordinating with the Security Council and ecosystem partners to contain the incident, pause affected systems where possible, and take all necessary technical and legal action. We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately,” Taiko said.
However, in a later update, Taiko claimed that the incident had been contained after it fully stopped withdrawals via the bridge and the ERC-20 vault. As a result, Taiko said users do not need to take action and its earlier advice to withdraw no longer stands. Nevertheless, the request to centralized exchanges to suspend TAIKO deposits remains in place.
The exploit, which blockchain security firms attribute to a flaw in Taiko’s bridge source-signal proof validation, allowed attackers to bypass normal validation protocols. By submitting crafted message proofs that were mistakenly accepted as valid on the Ethereum layer-1 network, the hackers initiated unauthorized withdrawals, draining an estimated $1.7 million from Taiko’s ERC-20 vault.
Meanwhile, the incident highlights how proof verification has become the primary attack surface for layer-2 bridges. According to X user Master of Crypto, the Taiko exploit was unique because it was a fundamental design flaw rather than a traditional hack.
