BlockSec: Taiko is suspected to have suffered losses of over 1.7 million US dollars due to GitHub leak of SGX proof key attack According to BlockBeats, on June 22nd, according to BlockSec monitoring, the Taiko network was attacked and lost over $1.7 million. Preliminary investigations suggest that the possible root cause is the Raiko SGX enclave signature key exposed on GitHub. Raiko is Taiko's multi prover stack, used for Taiko and Ethereum blocks, so the exposed Raiko SGX enclave key may directly affect Taiko's on chain proof verification path. Due to the publicly accessible enclave signature key, the SGX prover trust model may have been compromised. The exposed key may allow attackers to register SGX instances controlled by the attacker. Once registered, these instances can sign the proof public input accepted by the Taiko proof validator, allowing fraudulent state/signal proofs to pass. The attacker then registered the fake bridge message as RETRIABLE using the forged source signal, and then called retryMessage to make ERC20Vault release the L1 asset of the specification. [Original link]