Key Takeaways:
- Taiko confirmed a compromise in its chain state verification mechanism.
- The exploit is estimated to have cashed out a sum of approximately USD 1.7 million from the infrastructure of the protocol’s bridge.
- All users have been advised to remove assets from all the deployed bridges on Taiko.
A critical vulnerability in Taiko’s chain state verification mechanism is what has prompted the security alert. This incident has sparked fears that L2 bridges are vulnerable to attacks in Ethereum.
The vulnerability enabled messages to be accepted on Ethereum as a fraudster, resulting in unauthorised withdrawals of assets from the ERC20 vault on Ethereum, according to security researchers.
Taiko Warns Users to Exit Bridge Positions
Taiko confirmed that the assumptions protecting bridge security can no longer be trusted following the incident. The team said it is working with its Security Council and ecosystem partners to contain the damage, pause affected systems, and coordinate technical and legal responses.
⚠️ Security Notice
We have confirmed a compromise of Taiko’s chain state verification mechanism. As a result, the security assumptions of all bridges deployed on Taiko can no longer be relied upon.
We are actively coordinating with the Security Council and ecosystem partners to…
— Taiko.eth ???? (@taikoxyz) June 22, 2026
The users were strongly urged to withdraw all the amount from all the bridges that were operating on the network as a precautionary step.
The note is one of the most severe security notices sent by any major layer-2 project on Ethereum this year, as it applies to the same underlying trust model for bridge operations.
Read More: $2.1M Aztec Exploit Sparks Alarm as Funds Drain From Long-Abandoned Privacy Protocol
Faulty Proof Validation Enabled Fake Messages
The root cause might be in the source-signal proofs validation process, according to blockchain security firm Blockaid. It also reportedly enabled a proof of message design to be submitted to the Ethereum chain without there being any legitimate MessageSent events on Taiko.
Fraudulent Messages Triggered Unauthorized Withdrawals
Forged proofs were able to pass verification, and they were then able to be redeemed for real-money. This ultimately resulted in unauthorized releases of the ERC20 vault, Blockaid said.
The firm declared that it was not about private key misappropriation or compromise of the validators. Instead, the exploit focuses on the challenge to verify messages between chains as bridges.
This is one of the biggest vulnerabilities of cross-chain infrastructure, with failures in message authentication potentially resulting in asset loss.
Read More: $290M KelpDAO Hack SHOCK: LayerZero Points to Fatal DVN Flaw, Lazarus Suspected
Attacker Moves Tokens While Holding Large ETH Position
The total losses were estimated around $1.7 million, says Blockchain analytics platform, Lookonchain.
Traders estimate that the opponent traded about $189,000 worth of the tokens into the MEXC exchange via 1.99 million tokens TKO. According to on-chain data, the presence of the exploiters is still a bit more than 870 ETH, worth approximately $1.5 million.
The assets have still not been retrieved and can easily be tracked on-chain by security researchers.
The occurrence comes on the heels of a barrage of bridge and DeFi hacks over the last few weeks. Even complex verifier chains could become the target of bots or hackers, as they maintain large amounts of locked tokens in the process.
The post Taiko Bridge Hack Drains $1.7M appeared first on CryptoNinjas.
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments