L2 Taiko hack exposed a bridge verification flaw that let attackers drain nearly $2 million from its vaults.
Taiko, an Ethereum Layer-2 solution, warned users to withdraw funds from cross-chain bridges after confirming that its chain-state verification system had been compromised.
The project issued the warning on June 22 after confirming the incident in an X post. As Taiko explained, its chain-state verification mechanism had been compromised, meaning the security assumptions behind all bridges deployed on Taiko could no longer be relied on.
Taiko claims it’s working with its Security Council and ecosystem partners to contain the incident. The team also reassured it paused affected systems where possible and now is working on technical and legal steps.
The team also said it “strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately.”
Read also: Best Layer 2 Coins With the Highest Growth Potential
Taiko Hack Leads to Vault Exploit
Early findings point to Taiko’s vault on Ethereum. As blockchain security firm BlockSec said in an X post, losses appear to exceed $1.7 million. The firm added that an exposed Taiko-related signing key on GitHub may have allowed the attacker to pass fake verification checks and release assets from the vault.
The attacker allegedly made Ethereum-side bridge contracts accept a forged proof, allowing assets to move out even though the matching legitimate event on Taiko hadn’t happened.
But the bridge risk also reached crypto exchanges, prompting Taiko to ask centralized platforms to suspend TAIKO deposits immediately and re-enable them only “upon official notice from Taiko.”
As the news broke, TAIKO fell about 10%, with CoinGecko data showing the token trading near $0.07, close to its all-time low.
Read more: Aztec Connect Hacked Again in One Week — Attacker Drains Another $2.2 Million Via ‘Escape Hatch’
