TLDR
- Taiko’s Ethereum layer-2 bridge was exploited, with attackers stealing up to $1.7 million in assets.
- The root cause was a flaw in how the Taiko bridge validated source signal proofs, allowing forged messages.
- Attackers used fake proofs to release funds from the ERC20 vault without legitimate corresponding events on Taiko’s chain.
- The exploiter moved nearly 2 million Taiko tokens to the MEXC exchange; around $1.5 million remains in attacker wallets, mostly in Ether.
- Taiko has halted block production, paused affected systems, and urged all users to withdraw funds from bridges immediately.
Ethereum layer-2 protocol Taiko confirmed a security breach on Monday that allowed attackers to drain up to $1.7 million from its bridge. The team has halted block production and told users to withdraw funds as quickly as possible.
Taiko Urges Users to Withdraw From Bridges After Verification Mechanism Compromise
Taiko said in a security notice that it has confirmed a compromise of its chain state verification mechanism, and that the security assumptions of all bridges deployed on Taiko can no longer be… pic.twitter.com/qdRW2r1X8l
— Wu Blockchain (@WuBlockchain) June 22, 2026
What Happened
The exploit targeted Taiko’s chain state verification mechanism. Onchain security firm Blockaid identified the issue as a flaw in how the Taiko bridge validated source signals.
Specifically, crafted message proofs were accepted as valid on Ethereum’s main layer without any matching events on the Taiko network itself. This let the attacker register fraudulent bridge messages and then pull funds from the ERC20 vault without legitimate backing.
Blockaid initially put losses at around $1 million. Later analysis from PeckShield and Lookonchain raised that figure to approximately $1.7 million.
The attacker transferred 1.99 million Taiko tokens, worth roughly $170,000–$189,000 depending on timing, to the MEXC exchange. Blockchain intelligence firm Arkham shows around $1.5 million still sitting in exploiter wallets, the majority held in Ether.
Taiko’s Response
Taiko posted to X confirming the compromise and said it was working with its Security Council and ecosystem partners to contain the damage. The team paused affected systems and halted all block proposers from producing new blocks while the investigation continues.
Taiko also asked centralized exchanges to suspend deposits of its native token until further notice.
“The security assumptions of all bridges deployed on Taiko can no longer be relied upon,” the team wrote, urging all users to withdraw bridge funds immediately.
Taiko is a based rollup, meaning it relies on Ethereum validators to sequence transactions. It launched on mainnet in May 2024.
Part of a Broader June Pattern
This attack is one of at least 23 crypto exploits recorded in June 2026, according to DeFiLlama.
The month’s largest hack was against Humanity Protocol, which lost over $30 million. Syscoin Bridge lost more than $8 million. Secret Network was hit just days earlier for $4.67 million through an infinite mint bug. And around $1.1 million was drained from a liquidity pool on PancakeSwap over the weekend.
Taiko’s native token is currently trading at $0.084, down 98% from its 2024 peak.
