Taiko halted block production and advised users to pull their funds after a bridge attack that resulted in an estimated loss of $1.7 million.
How the Attack Unfolded
The attacker manipulated the bridge’s proof‑generation process, creating counterfeit withdrawal requests that appeared valid on Ethereum but had no corresponding deposits on Taiko’s own chain. Using a signing key for the Raiko system that had been inadvertently published on GitHub, the attacker was able to register fraudulent withdrawals and siphon assets from the bridge’s token vault.
BlockSec’s preliminary analysis links the breach to a publicly exposed Raiko SGX enclave signing key, which should have remained sealed within secure hardware. With the key accessible, the attacker could pose as a legitimate prover, sign deceptive proofs, and convince Taiko’s verifier to release real assets on Ethereum.
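The trust failure described above, as an added example that is not Taiko's or Raiko's code: a simplified verifier model showing that a valid signature only proves possession of the key, so once the key is outside the enclave the remaining controls are revocation or a quorum of independent provers. The class and function names, the HMAC stand-in for the enclave signature scheme, and the quorum option are assumptions made for illustration.

```python
import hashlib
import hmac

# Simplified model, NOT Taiko's or Raiko's code. HMAC-SHA256 stands in for the
# enclave's signature scheme so the example needs only the standard library.

def sign(key: bytes, claim: bytes) -> bytes:
    """Whoever holds the key can sign any claim, inside an enclave or not."""
    return hmac.new(key, claim, hashlib.sha256).digest()

class ProofVerifier:
    """Hypothetical verifier: trusts claims signed by registered prover keys."""
    def __init__(self, quorum: int = 1):
        self.keys = {}        # prover id -> key material registered after attestation
        self.revoked = set()  # prover ids whose keys are known to be exposed
        self.quorum = quorum  # distinct valid provers required per claim

    def register(self, prover_id: str, key: bytes) -> None:
        self.keys[prover_id] = key

    def revoke(self, prover_id: str) -> None:
        self.revoked.add(prover_id)

    def accept(self, claim: bytes, sigs: dict) -> bool:
        """sigs maps prover id -> signature over claim."""
        valid = {
            pid for pid, sig in sigs.items()
            if pid in self.keys and pid not in self.revoked
            and hmac.compare_digest(sig, sign(self.keys[pid], claim))
        }
        return len(valid) >= self.quorum

# Constructed sample values.
ENCLAVE_KEY = b"constructed-sample-key-A"   # meant to stay sealed; here it has leaked
SECOND_KEY = b"constructed-sample-key-B"    # independent prover, not leaked
CLAIM = b"withdrawal with no matching deposit"  # a claim no honest prover would sign

def demo() -> dict:
    single = ProofVerifier(quorum=1)
    single.register("prover-a", ENCLAVE_KEY)
    outside_sig = {"prover-a": sign(ENCLAVE_KEY, CLAIM)}  # produced outside the enclave
    before = single.accept(CLAIM, outside_sig)   # signature is valid, so it passes
    single.revoke("prover-a")
    after = single.accept(CLAIM, outside_sig)    # revoked key no longer counts
    dual = ProofVerifier(quorum=2)
    dual.register("prover-a", ENCLAVE_KEY)
    dual.register("prover-b", SECOND_KEY)
    with_quorum = dual.accept(CLAIM, outside_sig)  # one leaked key is below quorum
    return {"before_revoke": before, "after_revoke": after, "quorum_2": with_quorum}
```

In this model the verifier cannot tell an enclave-produced signature from one made with the leaked key, which is why the signer registry and its revocation path are the controls that matter after exposure.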
Impact on Investors and the Crypto Market
Following the incident, the Taiko token’s price experienced a short‑term dip as investors reassessed the network’s security posture. The broader crypto market noted the exploit as a reminder of the risks associated with cross‑chain bridges, prompting heightened scrutiny of similar Layer 2 solutions.
Taiko’s team responded by freezing outbound flows and urging users to withdraw their holdings, while working to patch the vulnerability and restore confidence among investors and the blockchain community.
