The developers behind the Taiko network have urged users to withdraw funds from all bridges deployed on its Ethereum layer-2 blockchain after confirming a compromise of its chain state verification mechanism.

In a security notice posted Sunday, the project said the security assumptions underlying all bridges on Taiko could no longer be relied upon. The team said it was coordinating with its Security Council and ecosystem partners to contain the incident, pause affected systems where possible, and pursue technical and legal responses.

"We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately," the team wrote on X.

Taiko is an Ethereum layer-2 network that uses zero-knowledge rollups to process transactions more efficiently while remaining compatible with Ethereum. Co-founded by former Loopring CEO Daniel Wang, the network launched its mainnet in May 2024 as dedicated data storage for Ethereum scalers.



Taiko did not disclose the cause of the breach or provide an estimate of losses; however, according to Blockchain security firm BlockSec Phalcon, the attack resulted in losses exceeding $1.7 million. In a preliminary analysis, the firm said the likely cause was an exposed Raiko SGX enclave signing key that had been publicly accessible on GitHub.

“Because the enclave signing key was publicly accessible, the SGX prover trust model may have been broken,” BlockSec Phalcon wrote on X. “The exposed key may have allowed the attacker to register attacker-controlled SGX instances via SgxVerifier.registerInstance.”

According to BlockSec, attackers may have used compromised verifier instances to generate fraudulent proofs that were accepted by Taiko's verification contracts. The attacker then used a forged signal to register a fake bridge message and trigger the release of Ethereum-based assets from the protocol's ERC20Vault.

The Taiko breach follows a string of major crypto exploits. In April, attackers stole $292 million from KelpDAO's cross-chain bridge in an attack later linked to North Korea's Lazarus Group. In May, Echo Protocol disclosed a breach involving the unauthorized minting of $77 million worth of eBTC on Monad, though the project estimated realized losses at about $816,000. Earlier this month, Solana-based exchange Raydium lost $1.34 million after attackers exploited deprecated liquidity pools.

In total, DeFi protocols lost more than $840 million in the first five months of the year.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。