Taiko halts Ethereum L2 after $1.7 million bridge exploit

Taiko suspended block production on its Ethereum layer-2 network on June 22, 2026 after an attacker forged bridge withdrawal proofs to steal approximately $1.7 million from the protocol's bridge and token vault.

The exploit traced to a single credential failure. An RSA-3072 private key for Taiko's SGX prover, stored in a file named enclave-key.pem, was committed in plaintext to the public GitHub repository taikoxyz/raiko. With that key, the attacker forged Intel SGX enclave registrations, producing fraudulent attestations that Taiko's L1 contracts accepted as valid L2 state proofs. Forged attestations enabled processMessage() calls to mark withdrawal requests as retryable; retryMessage() then released funds from the bridge and ERC20 Vault on Ethereum mainnet with minimal additional checks, per CryptoTimes.

The attacker drained 870.8 ETH (approximately $1.52 million) and 1.99 million TAIKO tokens (approximately $189,000), per Metaverse Post. The attacker moved those tokens to MEXC before the team froze withdrawals. CoinDesk reported the exploit was contained by approximately 2 a.m. ET; the L1 Bridge and ERC20 Vault remain paused pending a full incident review. The TAIKO token fell roughly 10% following the disclosure, per CryptoTimes.