Est. MMXXVI · Vol. VI · № 298
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 298 · Bridge Exploit

Taiko Bridge Forged-Proof Exploit

A leaked SGX signing key in Taiko's public GitHub let an attacker forge bridge proofs and drain about $1.7M from the L1 Bridge and ERC20Vault on Ethereum.

Date: June 22, 2026
Victim: Taiko
Status: Funds Stolen

On June 22, 2026, Taiko — an Ethereum Layer-2 "based rollup" — had its bridge drained for approximately $1.7 million after an attacker exploited a leaked signing key to forge withdrawal proofs. The funds were pulled from Taiko's L1 Bridge and ERC20Vault contracts deployed on Ethereum mainnet, and the team halted block production while it investigated.

What happened

Security firm Blockaid flagged the exploit in real time, while BlockSec (via its Phalcon monitoring) traced the root cause to an operational blunder: an Intel SGX RSA-3072 private signing key for Taiko's Raiko proving stack had been committed in plaintext as enclave-key.pem to the public taikoxyz/raiko GitHub repository. With that key, the attacker could register fraudulent SGX prover instances and generate forged L2 state attestations that Taiko's verification contracts accepted as genuine. Across two phases, the attacker submitted a forged source signal to register a fake bridge message and trigger the release of Ethereum-based assets from the ERC20Vault — without any matching legitimate event on the Taiko source chain. This is the same failure mode as Nomad, where fraudulent messages were waved through as valid, and echoes the trusted-key compromise at the heart of Ronin.
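The root cause described above, a private key committed in plaintext to a public repository, is exactly the mistake a pre-commit or CI secret scan exists to catch before a push lands. The Python below is an added example written for this dossier, not Taiko's or Raiko's tooling: it walks a source tree, flags files with key-material extensions for review, and blocks on any PEM private-key header it finds in file contents. The directory layout it builds (`provers/enclave-key.pem`, `provers/enclave-pub.pem`, `src/main.rs`) and the key body are constructed placeholders for the demonstration.

```python
"""Pre-commit style scan for private-key material in a source tree.

Added example for this dossier, not Taiko's or Raiko's own code. The demo
tree and the "key" it contains are constructed placeholders.
"""
import os
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, List

# PEM headers used by private keys in common encodings (PKCS#1 RSA, PKCS#8,
# EC, DSA, OpenSSH, encrypted PKCS#8). A public-key header does not match.
PEM_PRIVATE_KEY = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
)

# Extensions that usually carry key material. A hit here is only "review"
# severity, so DER blobs or misnamed files get a human look without the
# scan blocking on every public certificate.
KEY_EXTENSIONS = {".pem", ".key", ".p12", ".pfx", ".der"}


@dataclass(frozen=True)
class Finding:
    path: str       # path relative to the scanned root, POSIX separators
    severity: str   # "block" fails the commit; "review" asks for a look
    reason: str


def scan_file(path: Path, root: Path) -> List[Finding]:
    """Return findings for one file: extension heuristic plus content match."""
    rel = path.relative_to(root).as_posix()
    findings: List[Finding] = []
    if path.suffix.lower() in KEY_EXTENSIONS:
        findings.append(Finding(rel, "review", f"key-material extension {path.suffix}"))
    try:
        data = path.read_bytes()
    except OSError:
        return findings
    match = PEM_PRIVATE_KEY.search(data)
    if match:
        findings.append(Finding(rel, "block", f"PEM header {match.group(0).decode()}"))
    return findings


def scan_tree(root: Path,
              skip_dirs: Iterable[str] = (".git", "target", "node_modules")) -> List[Finding]:
    """Walk the tree in a stable order, skipping VCS metadata and build output."""
    skip = set(skip_dirs)
    results: List[Finding] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in skip)
        for name in sorted(filenames):
            results.extend(scan_file(Path(dirpath) / name, root))
    return results


def should_block(findings: Iterable[Finding]) -> bool:
    """A single confirmed private key is enough to fail the commit or CI job."""
    return any(f.severity == "block" for f in findings)


def build_demo_tree(root: Path) -> None:
    """Constructed tree: one leaked private key, one public key, one source file."""
    (root / "provers").mkdir()
    (root / "provers" / "enclave-key.pem").write_text(
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "PLACEHOLDER-NOT-A-REAL-KEY\n"
        "-----END RSA PRIVATE KEY-----\n"
    )
    (root / "provers" / "enclave-pub.pem").write_text(
        "-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n"
    )
    (root / "src").mkdir()
    (root / "src" / "main.rs").write_text('fn main() { println!("prover"); }\n')
    (root / ".git").mkdir()
    (root / ".git" / "config").write_text("[core]\n")


def run_demo():
    """Build the constructed tree in a temp dir, scan it, and report the verdict."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_tree(root)
        findings = scan_tree(root)
        return findings, should_block(findings)


if __name__ == "__main__":
    demo_findings, blocked = run_demo()
    for f in demo_findings:
        print(f"{f.severity:6} {f.path}: {f.reason}")
    print("commit blocked" if blocked else "commit allowed")
```

Run against the staged tree in a pre-commit hook or against the checkout in CI, and fail the job on any `block` finding. The scan only prevents future leaks: a key that has already reached a public repository is compromised the moment it is pushed, because the commit history stays readable after the file is deleted, so the only remediation is to treat the key as burned and rotate it.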

Aftermath

Taiko's proposers halted production of new blocks, and the team urged users to withdraw funds from affected bridges immediately. Blockaid published the victim contract, the attacker's wallet, and the exploit transactions; on-chain trackers reported that roughly 2 million TAIKO of the proceeds were routed to the MEXC exchange, prompting requests to suspend deposits. The TAIKO token fell by roughly 10–20% on the news. Taiko said it was preparing a detailed post-mortem and coordinating with partners, including potential legal action. As of reporting, no funds had been recovered.

Why it matters

The Taiko incident is a textbook case of secrets hygiene as a bridge's true attack surface: the cryptography was sound, but a single private key checked into a public repository collapsed the entire trust model behind the rollup's proof system. It joins a growing 2026 run of bridge failures — Verus, Syscoin — and underscores that proof-verification bridges are only as honest as the keys that sign their attestations. When an attacker can mint a "valid" proof at will, the vault has no way to tell a real withdrawal from a forged one.

Sources & on-chain evidence

  1. coindesk.com: https://www.coindesk.com/tech/2026/06/22/taiko-halts-its-ethereum-layer-2-network-after-a-bridge-exploit-token-dives-10
  2. decrypt.co: https://decrypt.co/371769/ethereum-layer-2-taiko-withdraw-bridge-funds-security-breach
  3. theblock.co: https://www.theblock.co/post/405486/taiko-confirms-exploit
  4. cryptotimes.io: https://www.cryptotimes.io/2026/06/22/1-7m-gone-taiko-bridge-exploited-after-sgx-signing-key-leak/
  5. blog.thirdweb.com: https://blog.thirdweb.com/taiko-bridge-exploit-explained-how-a-leaked-key-led-to-1-7m-in-forged-withdrawals/
  6. coininsider.com: https://www.coininsider.com/news/taiko-bridge-drained-of-1-7-million-via-forged-proofs-as-taiko-token-falls-20/