Ethereum L2 rollup Taiko lost $1.7M when an attacker forged cross-chain bridge proofs, convincing the L1 bridge to release assets without matching deposits on the L2.
On June 22, 2026, Ethereum layer-2 network Taiko confirmed a compromise of its chain state verification mechanism. An attacker exploited a flaw in the bridge's source-signal proof validation, crafting message proofs that were accepted as valid on Ethereum L1 even though no corresponding legitimate MessageSent events existed on the Taiko source chain. This allowed the attacker to register fraudulent bridge messages and later retrieve them, resulting in unauthorized asset releases from the ERC20 vault. The attacker registered a rogue SGX instance through the permissionless prover registration system, submitted invalid proofs, and the system accepted them. Taiko halted all block production and urged users to withdraw from all bridges.
The attacker moved 1.99 million TAIKO tokens (~$189,000) to MEXC exchange. The attacker wallet still holds ~870.8 ETH (~$1.52M). Taiko requested CEXs suspend TAIKO deposits; Bithumb and Upbit complied. No recovery reported.
0xtaiko-exploit-1