Taiko paused block production on its Ethereum layer-2 network and advised users to withdraw funds after a bridge exploit was discovered early Monday. The team estimated losses at about $1.7 million before quickly containing the issue, while the TAIKO token—worth roughly $14.5 million in market capitalization—dropped more than 20% since the start of the UTC day.
The attacker was able to forge withdrawal proofs tied to Taiko’s bridge system, which verifies whether withdrawals correspond to legitimate deposits. This allowed fraudulent withdrawal requests to be accepted on Ethereum without any matching transaction on Taiko’s chain, enabling the draining of funds from the bridge and token vault, according to the project.
Bridges are cross-chain protocols that enable asset transfers between blockchains such as Taiko and Ethereum. Layer-2 networks process transactions off the main chain and later settle them on Ethereum to improve scalability and reduce costs.
Initial findings suggest the exploit may have stemmed from a compromised signing key used in the proof-generation process. Security firm BlockSec said a Raiko signing key—used to generate validity proofs—appears to have been exposed publicly on GitHub.
Such keys are normally stored in secure hardware environments to prevent tampering. If exposed, attackers can impersonate legitimate provers, generate valid-looking proofs, and trick the system into approving unauthorized withdrawals on Ethereum.
In response, Taiko urged users to withdraw from all bridges, requested centralized exchanges to suspend TAIKO deposits, and temporarily halted block production while investigating the incident.
By around 2 a.m. ET, the team said the exploit had been contained and withdrawals through the main bridge and token vault were stopped. The attacker had already moved about 2 million TAIKO—worth roughly $170,000—to an address on the MEXC exchange.
While the direct losses were relatively small, the exploit highlights ongoing vulnerabilities in cross-chain bridge infrastructure, a recurring target in DeFi attacks this year.
Similar incidents include $292 million drained from Kelp DAO’s bridge in April and $11.4 million from the Verus-Ethereum bridge in May. In total, bridge-related exploits have surpassed $340 million across at least 14 incidents in 2026, making them one of the most heavily targeted areas in crypto. Taiko’s losses were limited largely due to rapid detection and containment within hours.
