The Taiko network has warned users to withdraw funds from all bridges on its Ethereum layer-2 blockchain following a security breach that compromised its chain state verification mechanism. Blockchain security firm BlockSec Phalcon estimated losses exceeding $1.7 million and linked the attack to an exposed Raiko SGX enclave signing key that was publicly accessible on GitHub.
Security Notice and Immediate Actions
In a security notice posted Sunday, the Taiko team stated that the security assumptions underlying all bridges on the network could no longer be relied upon. The project is coordinating with its Security Council and ecosystem partners to contain the incident, pause affected systems where possible, and pursue technical and legal responses. "We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately," the team wrote on X.
Attack Mechanism and Losses
Taiko did not disclose the cause of the breach or provide an estimate of losses, but BlockSec Phalcon's preliminary analysis indicated that the exposed enclave signing key may have broken the SGX prover trust model. Attackers could have used compromised verifier instances to generate fraudulent proofs accepted by Taiko's verification contracts. They then forged a signal to register a fake bridge message and trigger the release of Ethereum-based assets from the protocol's ERC20Vault.
Broader Context of Crypto Exploits
The Taiko breach follows a string of major crypto exploits this year. In April, attackers stole $292 million from KelpDAO's cross-chain bridge in an attack later linked to North Korea's Lazarus Group. In May, Echo Protocol disclosed a breach involving the unauthorized minting of $77 million worth of eBTC on Monad, though realized losses were estimated at about $816,000. Earlier this month, Solana-based exchange Raydium lost $1.34 million after attackers exploited deprecated liquidity pools. In total, DeFi protocols lost more than $840 million in the first five months of the year.