A critical vulnerability in Taiko's chain state verification mechanism has compromised the security assumptions of all bridges deployed on the Ethereum Layer 2 network, prompting an urgent warning for users to withdraw funds. Security firms estimate losses from the exploit at between $1 million and $1.7 million.
Attack Exploits Bridge Verification Flaw
Blockaid, a crypto security firm, identified the root cause as a flaw in how Taiko bridges verify source signals. Attackers could submit message proofs on Ethereum that lacked legitimate proof from the Taiko chain, allowing them to register and withdraw fraudulent bridge messages. This led to unauthorized release of assets from ERC20 vaults.
Stolen Funds and Ongoing Investigation
PeckShield reported that the attacker transferred approximately 1.99 million TAIKO tokens, worth about $189,000, to the MEXC exchange. Arkham data shows the attacker's wallet currently holds around $1.5 million in assets, primarily Ether. Taiko stated it is coordinating with partners to contain the incident and has suspended affected systems. The team urged users to immediately withdraw funds from any affected bridges.