Taiko Ethereum L2 Bridge
Summary
On June 22, 2026, Taiko — an Ethereum-equivalent layer-2 rollup — suffered a bridge exploit in which an attacker drained approximately $1.7 million from its L1 Bridge and ERC-20 vault by using an RSA-3072 Intel SGX signing key that had been committed in plaintext to the public taikoxyz/raiko GitHub repository. The attacker used the key to register as a legitimate prover, forge L2 state attestations, and execute fraudulent withdrawal transactions on Ethereum with no corresponding deposits on Taiko's chain. Taiko halted block production network-wide, froze affected contracts, and urged all users to exit every bridge on the network within approximately eight minutes of the attack being detected by Blockaid's monitoring system.
Timeline (7 events)
2026-06-22
Attack begins: attacker uses leaked Intel SGX RSA-3072 enclave-key.pem from the public taikoxyz/raiko GitHub repository to register a rogue prover and begin submitting forged withdrawal proofs on Ethereum. Approximately $1.7 million drained from L1 Bridge and ERC20Vault contracts.
Source: CoinDesk

2026-06-22
Blockaid's automated monitoring system detects the exploit in real time. Taiko halts block production and freezes L1 Bridge and ERC20Vault withdrawals by approximately 2:08 a.m. ET — roughly eight minutes after the attack began.
Source: SpotedCrypto

2026-06-22
Taiko publicly urges all users to withdraw funds from all bridges deployed on the chain, requests centralized exchanges suspend TAIKO deposits, and activates the Security Council multisig governance body.
Source: CoinDesk / BanklessTimes

2026-06-22
Alleged attacker moves approximately 2 million TAIKO tokens (approximately $170,000) to a MEXC exchange account before the full freeze takes effect.
Source: Thirdweb Blog / CryptoTimes

2026-06-22
TAIKO token price falls approximately 10–20% intraday, with multiple outlets reporting an all-time low near $0.073.
Source: CoinCodex

2026-06-22
Recovery pull request 21820 opened at 17:09 UTC against the v3.0.0 protocol branch with four structural fixes: checkpoint versioning, Inbox state reset, bridge-message invalidation, and QuotaManager restoration.
Source: SpotedCrypto

2026-06-23
Additional security analysis published by TechTimes and other outlets confirming the SGX trust model was defeated by the plaintext key commit. Ledger CTO comments publicly attributing root cause to operational key management failure.
Source: TechTimes / Incrypted

Decision Log
- hash: eVrVUzp5gEpTzt8xZXwpk2hKtRMq5MSaLYQfDJi8THu
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-code-investigator
generated: 6/25/2026, 11:08:02 PM
last updated: 6/25/2026, 11:08:12 PM
avoid.net — verified advice for a post-truth world