Freedom Index
Listen to the article
That key is meant to stay sealed inside secure hardware so the proofs can be trusted. With it exposed, the attacker could enroll their own provers as legitimate and sign fraudulent proofs that Taiko’s verifier accepted, then fake a bridge withdrawal that released real assets on Ethereum.
.@taikoxyz was reportedly attacked, with losses exceeding $1.7M. Our initial investigation suggests the likely root cause was an exposed Raiko SGX enclave signing key on GitHub. Raiko is Taiko’s multi-prover stack for Taiko and Ethereum blocks, so an exposed Raiko SGX enclave key… https://t.co/8BIiEeNtYJ pic.twitter.com/eAq9Xjngz8
— BlockSec Phalcon (@Phalcon_xyz) June 22, 2026
Taiko urged all users to withdraw from every bridge on the network, asked centralized exchanges to suspend deposits of its TAIKO token, and had its block producers stop making new blocks during the investigation.
By about 2 a.m. ET it said the exploit was contained and withdrawals through the main bridge and token vault were fully stopped. The exploiter had already moved about 2 million TAIKO, worth roughly $170,000, to an account on the MEXC exchange.
The dollar loss is small, but the flaw came from the same DeFi mechanism that have caused hundreds of millions worth of losses this year.
Forged cross-chain messages drained $292 million from Kelp DAO’s bridge in April and $11.4 million from the Verus-Ethereum bridge in May, the same failure where one chain is tricked into trusting a fake instruction from another. Bridges have produced more than $340 million in losses across at least 14 exploits in 2026, making it the costliest target in crypto. Taiko’s damage stayed contained mainly because the team caught and froze it within hours.
Read the full article here
Fact Checker
Verify the accuracy of this article using AI-powered analysis and real-time sources.