Taiko halted block production on its Ethereum layer-2 network and urged users to withdraw funds after detecting a bridge exploit early Monday. The team estimated losses at around $1.7 million before quickly containing the incident, while the TAIKO token—valued at roughly $14.5 million in market cap—has fallen more than 20% since the start of the UTC day.
The attacker was able to forge withdrawal proofs used by the bridge to confirm that withdrawals match legitimate deposits. This allowed invalid withdrawal requests to be accepted on Ethereum without corresponding transactions on Taiko’s chain, enabling unauthorized drains from the bridge and token vault, according to the project.
Bridges are cross-chain systems that move assets between blockchains such as Taiko and Ethereum. Layer-2 networks process transactions off-chain and settle them back to Ethereum to improve speed and reduce costs.
Early analysis suggests the exploit may have been linked to a compromised signing key used in generating validity proofs. Security firm BlockSec said a Raiko signing key—used in the proof-generation process—appears to have been publicly exposed on GitHub.
These keys are typically stored in secure hardware to prevent tampering. If exposed, attackers can impersonate legitimate provers, produce seemingly valid proofs, and trick the system into approving fraudulent withdrawals on Ethereum.
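A pre-commit style check for the exposure described above, as an added example that is not code from Taiko, Raiko or BlockSec. It assumes the key is stored as a 32-byte hex-encoded secp256k1 scalar, as is common for Ethereum signing keys (the report does not say how the key was stored); the variable names and sample values are constructed.

```python
import math
import re
from collections import Counter

# secp256k1 group order: a usable private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# NAME = VALUE or "name": "value", where VALUE is exactly 32 bytes of hex.
ASSIGN = re.compile(
    r"""([A-Za-z_][\w.-]*)["']?\s*[:=]\s*["']?(?:0x)?([0-9a-fA-F]{64})\b""")
# Only names that suggest key material; hashes and block ids are skipped.
SENSITIVE = re.compile(r"key|secret|priv|signer", re.I)


def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s.lower())
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def scan(text, path="<memory>"):
    """Return (path, line, name, redacted value) for likely private keys."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, value in ASSIGN.findall(line):
            if not SENSITIVE.search(name):
                continue  # 32-byte hex under a non-key name, e.g. a hash
            if not 1 <= int(value, 16) < SECP256K1_N:
                continue  # outside the valid scalar range, cannot be a key
            if entropy(value) < 3.0:
                continue  # placeholder such as 000...001
            findings.append((path, lineno, name, value[:4] + "..."))
    return findings


# Constructed sample input; the key below is made up for this example.
FAKE_KEY = "3a9f1c7e5b2d8046f1e3a7c9b5d20486e7f9a1c3b5d7028496afc1e3b5d7f9a0"
SAMPLE = f"""\
# constructed sample config; none of these values are real
RPC_URL=https://rpc.example.invalid
PROVER_SIGNING_KEY=0x{FAKE_KEY}
PLACEHOLDER_KEY={"0" * 63}1
last_block_hash = "0x{FAKE_KEY}"
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE, "sample.env"):
        print("possible private key:", finding)
```

A hit should block the commit, and a key that has already reached a public repository has to be rotated, since deleting the file does not remove it from history.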
Following the discovery, Taiko asked users to withdraw funds from all bridges, requested centralized exchanges to suspend TAIKO deposits, and temporarily stopped block production while investigating the breach.
By around 2 a.m. ET, the team said the exploit had been contained and withdrawals via the main bridge and token vault were halted. The attacker had already transferred about 2 million TAIKO—worth roughly $170,000—to a wallet on the MEXC exchange.
Although the financial damage was limited, the incident underscores persistent risks in cross-chain bridge infrastructure, which has been a frequent target for DeFi exploits this year.
Similar cases include $292 million drained from Kelp DAO’s bridge in April and $11.4 million stolen from the Verus-Ethereum bridge in May. Bridge-related exploits have now surpassed $340 million across at least 14 incidents in 2026, making them one of the most heavily attacked sectors in crypto. Taiko’s losses were contained largely due to rapid detection and response.





