Taiko suspended all block production on June 22, 2026, after attackers drained approximately $1.7 million from its ERC20 Vault by exploiting a proof-generation signing key left publicly accessible on GitHub, CoinDesk reported.
The attacker forged cross-chain withdrawal proofs that Ethereum's mainnet accepted as valid despite no corresponding deposits on Taiko's chain, then drained assets from the bridge and ERC20 Vault. Security firm BlockSec traced the flaw to an exposed Raiko SGX enclave signing key on GitHub, per CoinDesk. Raiko is Taiko's proof-generation component, the system that attests transaction validity to Ethereum. With the key public, the attacker could produce proof signatures the bridge's verification layer accepted as legitimate, Bankless Times reported.
Response and containment
Taiko shut down its L1 cross-chain bridge and ERC20 Vault. The team posted an urgent warning: "We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately," according to CryptoTimes. The team also disclosed four attacker wallet addresses and asked centralized exchanges to suspend TAIKO deposits. Taiko contained the exploit by approximately 2 a.m. ET and said it is "preparing a full breakdown of the incident," CoinDesk reported.
Token and exchange fallout
On-chain trackers identified roughly 1.99 million TAIKO tokens moving to MEXC in the hours after the attack, per Bankless Times. Korean exchanges Upbit and Bithumb temporarily suspended TAIKO deposits and withdrawals. The TAIKO token fell more than 20% from its midnight UTC price after the exploit was announced, CoinDesk reported.
For proof-based L2 networks, the Taiko breach shows the limit of cryptographic attestation when key hygiene fails: a leaked signing key invalidates the security guarantees of the proof system itself. The math held; the key management did not.
