An attacker drained approximately $1.7 million from Taiko's Ethereum layer-2 bridge on June 22, 2026, after a developer committed a live RSA-3072 signing key to a public GitHub repository, according to CoinDesk and CryptoTimes. Taiko confirmed the exploit and halted block production around 2 a.m. ET.

How the attacker forged the withdrawals

The file enclave-key.pem, an RSA-3072 private key from Taiko's Raiko prover stack, was found in the public taikoxyz/raiko GitHub repository, per CryptoTimes. Raiko uses Intel SGX hardware enclaves to generate cryptographic proofs of L2 state. With the private key, the attacker registered a malicious enclave as a legitimate prover, produced fraudulent state attestations, and used them to forge bridge withdrawal proofs that Taiko's L1 contracts accepted as valid, per Thirdweb's technical breakdown. Security firm BlockSec identified the exposed Raiko SGX enclave signing key on GitHub as the "likely root cause" of the breach, per CoinDesk.
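
As an added illustration of the root cause (not code from Taiko, Raiko or the cited reports), the Python check below flags PEM-armored private keys in file contents, the kind of gate a pre-commit hook or CI job runs before a push to a public repository. The sample files, the filler key body and the 64-byte threshold are constructed assumptions.

```python
import base64
import binascii
import re

# PEM armor for private keys: PKCS#1 (RSA), PKCS#8 (plain/encrypted), SEC1 (EC), DSA, OpenSSH.
PEM_PRIVATE = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY)-----\r?\n"
    rb"(.*?)-----END \1-----",
    re.DOTALL,
)
MIN_KEY_BYTES = 64  # assumed threshold: shorter bodies are treated as placeholders

def find_private_keys(path, data):
    """Return (path, line, label, decoded_len) for each plausible PEM private key."""
    findings = []
    for m in PEM_PRIVATE.finditer(data):
        # Legacy encrypted PEM has "Proc-Type:" / "DEK-Info:" headers before the body.
        body = b"".join(ln.strip() for ln in m.group(2).splitlines() if b":" not in ln)
        try:
            decoded = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            continue  # not key material, e.g. "..." in documentation
        if len(decoded) < MIN_KEY_BYTES:
            continue
        line = data.count(b"\n", 0, m.start()) + 1
        findings.append((path, line, m.group(1).decode(), len(decoded)))
    return findings

def scan(files):
    """files maps path -> bytes; returns findings ordered by path."""
    return [f for p in sorted(files) for f in find_private_keys(p, files[p])]

# Constructed sample inputs: FILLER is arbitrary bytes, not a real key.
FILLER = base64.encodebytes(bytes(range(200)))
SAMPLE_KEY = b"-----BEGIN RSA PRIVATE KEY-----\n" + FILLER + b"-----END RSA PRIVATE KEY-----\n"
SAMPLES = {
    "enclave-key.pem": SAMPLE_KEY,
    "config.env": b"MODE=prod\nNAME=x\n" + SAMPLE_KEY,
    "README.md": b"-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n",
    "pub.pem": b"-----BEGIN PUBLIC KEY-----\n" + FILLER + b"-----END PUBLIC KEY-----\n",
}

if __name__ == "__main__":
    for path, line, label, n in scan(SAMPLES):
        print(f"{path}:{line}: {label} ({n} bytes decoded)")
```

A finding on a key that was ever pushed means the key must be rotated; deleting the file in a later commit leaves it in the repository history.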

Response: bridge paused, users urged to withdraw

Taiko paused the Bridge contract (0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC) and ERC20Vault (0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab), halted block production, and urged all users to withdraw remaining bridge funds, according to CryptoTimes. Taiko confirmed the exploit is "fully contained" and that pending transactions are paused but not lost, then asked centralized exchanges to suspend TAIKO deposits.

TAIKO token hits all-time low

TAIKO fell more than 20% from midnight UTC on June 22 to an all-time low, per CoinDesk. CryptoTimes put the immediate post-disclosure drop at roughly 10%, with the token at $0.07294. The attacker moved approximately 2 million TAIKO (about $170,000) to MEXC exchange. Taiko's market cap stood at approximately $14.5 million at the time, making the $1.7 million loss roughly 12% of market cap.