A vulnerability in the Taiko bridge has been exploited, resulting in the theft of approximately $1.7 million in assets, according to blockchain security firms. The incident, which occurred over the weekend, prompted Taiko to pause affected systems and coordinate with partners to contain the damage.
Exploit Details
Blockaid, a crypto security firm, identified the root cause as a flaw in how the Taiko bridge validated source signals. The bridge accepted message proofs on Ethereum without requiring corresponding legitimate proofs on the Taiko blockchain. This allowed the attacker to register fraudulent bridge messages and later retrieve them, leading to unauthorized asset releases from the ERC20 vault.
PeckShield and Lookonchain estimated the stolen assets at up to $1.7 million, while Blockaid's initial assessment was at least $1 million. The exploiter has already moved 1.99 million Taiko (TAIKO) tokens, worth about $189,000, to the MEXC exchange. TAIKO is currently trading at $0.084, down 98% from its 2024 peak.
Aftermath and Related Incidents
Blockchain intelligence firm Arkham shows the exploiter's wallets holding around $1.5 million, primarily in Ether (ETH). The attack follows a $4.67 million exploit on the Secret Network bridge just days earlier, and a $1.1 million drain from the OLPC/LABUBU liquidity pool on PancakeSwap. Other notable exploits in June include Aztec Connect, RetoSwap, Raydium AMM, and Humanity Protocol.