Taiko paused block production on its Ethereum layer-2 network on June 22, 2026, after an attacker used a leaked cryptographic key to generate fraudulent withdrawal proofs and drain approximately $1.7 million from the protocol's bridge and token vault.

How the exploit worked

A private signing key for Taiko's Raiko SGX enclave had been left publicly accessible on GitHub, which security firm BlockSec identified as the likely root cause. With that key, the attacker enrolled rogue provers into the network and generated fake layer-2 state attestations. Those forged proofs cleared Taiko's Ethereum-side verifier, authorizing withdrawals with no corresponding MessageSent events on the Taiko chain, and the attacker drained the L1 Bridge and ERC20Vault.
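The mismatch described above, withdrawals on Ethereum with no MessageSent event behind them, is what an independent bridge monitor can check for. The following is an added example, not Taiko's or BlockSec's code: the record fields, identifiers and sample values are constructed, and it assumes the monitor reads L2 events from its own node rather than trusting the proofs accepted on L1.

```python
from dataclasses import dataclass

# All field names and values below are constructed for illustration; they are
# not Taiko's contract ABI or data from the incident.
@dataclass(frozen=True)
class Transfer:
    msg_hash: str   # identifier linking the L2 send to the L1 release
    token: str
    amount: int
    recipient: str
    tx: str = ""    # L1 transaction id (empty for L2 records)

def reconcile(l2_sent, l1_releases):
    """Return (l1_tx, reason) for every L1 release not backed by an L2 send."""
    sent = {m.msg_hash: m for m in l2_sent}
    released = set()
    findings = []
    for r in l1_releases:
        src = sent.get(r.msg_hash)
        if src is None:
            findings.append((r.tx, "no MessageSent on L2"))
        elif r.msg_hash in released:
            findings.append((r.tx, "message already released"))
        elif (src.token, src.amount, src.recipient) != (r.token, r.amount, r.recipient):
            findings.append((r.tx, "release differs from MessageSent"))
        released.add(r.msg_hash)
    return findings

# Constructed L2 MessageSent records, as read from an independently run L2 node.
L2_SENT = [
    Transfer("m1", "TAIKO", 500, "alice"),
    Transfer("m2", "USDC", 1200, "bob"),
]
# Constructed L1 releases observed on the bridge and vault.
L1_RELEASES = [
    Transfer("m1", "TAIKO", 500, "alice", tx="t1"),          # legitimate
    Transfer("m9", "TAIKO", 2_000_000, "mallory", tx="t2"),  # no L2 origin
    Transfer("m2", "USDC", 9000, "bob", tx="t3"),            # amount inflated
    Transfer("m1", "TAIKO", 500, "alice", tx="t4"),          # replayed
]

if __name__ == "__main__":
    for tx, reason in reconcile(L2_SENT, L1_RELEASES):
        print(f"ALERT {tx}: {reason}")
```

Any finding of the first kind is grounds for pausing the bridge, since a valid proof should never authorize a release that the L2 chain did not originate.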

Market impact and response

Before the halt, the attacker moved roughly 2 million TAIKO tokens, worth approximately $170,000, to the MEXC exchange. The TAIKO token fell more than 10% immediately after the disclosure; CoinDesk reported intraday losses reaching 20%, against a market cap of $14.5 million.

Taiko's Security Council paused the Bridge and ERC20Vault contracts, halted block production network-wide, and urged all users to withdraw from every bridge on the network. The team also requested exchanges suspend TAIKO deposits. Taiko said the exploit was contained by approximately 2 a.m. ET on June 23, with a full incident report to follow.

Bridge exploits in 2026

The attack fits a pattern that has cost the sector $340 million across at least 14 bridge exploits so far in 2026. Thirdweb's technical breakdown observed that a single leaked credential can undermine an entire trust model regardless of the surrounding cryptography. In Taiko's case, that credential was a key file committed to a public repository.