Bridge Vulnerability Prompts Taiko to Issue Urgent Withdrawal Warning After $1.7M Loss

A critical security breach in Taiko's chain state verification system has enabled attackers to create fake proofs and execute unauthorized fund withdrawals from the platform's Ethereum bridge and ERC20 Vault.

Taiko, a layer-2 blockchain operating on Ethereum, has urged users to immediately remove their assets from the network's bridge infrastructure after a security breach allowed hackers to steal $1.7 million from one of its bridge protocols. It is yet another significant decentralized finance security incident this month.

"We have confirmed a compromise of Taiko's chain state verification mechanism," Taiko announced via its X account in the early hours of Monday. "As a result, the security assumptions of all bridges deployed on Taiko can no longer be relied upon."

"We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately," the company emphasized in its warning.

This incident represents another entry in an expanding list of cryptocurrency protocol breaches occurring throughout this month, with DeFiLlama documenting a minimum of 23 separate exploits to date. The most substantial losses in June have been experienced by the Humanity Protocol and Syscoin Bridge, suffering damages exceeding $30 million and $8 million, respectively.

Taiko announcement. Source: Taiko

According to Taiko's statement, the organization is actively working with partner entities to mitigate the incident's impact and has implemented pauses on all compromised systems.

Analysis from Blockaid, a cryptocurrency security company, indicates that the underlying issue stems from a vulnerability in the Taiko bridge's source signal validation process.

The security firm explained that message proofs were being recognized as legitimate on the Ethereum network despite the absence of corresponding valid proofs on Taiko's own blockchain infrastructure.

"This allowed the attacker to register and later retrieve fraudulent bridge messages, resulting in unauthorized asset releases from the ERC20 vault," Blockaid stated in their assessment.

While Blockaid's initial estimates placed the stolen amount at a minimum of $1 million, separate analyses from Lookonchain and PeckShield indicate that the total value of compromised assets could reach as high as $1.7 million.

According to PeckShield's findings, the individual responsible for the exploit has already moved 1.99 million Taiko (TAIKO) tokens valued at approximately $189,000 to the MEXC exchange. Data from CoinGecko shows TAIKO is currently valued at $0.084, representing a 98% decline from its highest point in 2024.

Intelligence gathered by Arkham, a blockchain analysis firm, reveals that wallets associated with the Taiko exploiter currently contain approximately $1.5 million, with the majority of these holdings in Ether (ETH).

The Taiko exploiter account holds more than $1.5 million in ETH. Source: Arkham Intelligence

Exploits in June are mounting up

This security breach follows closely on the heels of another incident discovered on Friday involving a smart contract vulnerability on the Secret Network, which led to the unauthorized extraction of assets valued at $4.67 million.

The following day, on Saturday, approximately $1.1 million in funds were extracted from the OLPC/LABUBU liquidity pool hosted on PancakeSwap. LABUBU represents a memecoin that draws inspiration from the widely recognized toys sharing the same name.

Additional significant security breaches throughout June have affected platforms including Aztec Connect, RetoSwap and Raydium AMM, with the Humanity Protocol experiencing the most substantial loss recorded during this month to date.
