Taiko confirmed on June 22 that its chain status verification mechanism had been hacked, asked users to withdraw from all network bridges immediately and asked all central exchanges to suspend TAIKO deposits.
Taiko published An emergency security notice on X on June 22 indicates that it has confirmed a compromise to its chain state verification mechanism. Tyco said it was working with the Security Council and its ecosystem partners to contain the incident. The Ethereum Layer 2 project said they are temporarily shutting down all affected systems and taking all necessary technical and legal measures.
Taiko urged users to withdraw from all bridges immediately, with further notice to be sent once the situation stabilizes.
Shortly after, the team published a second post listing two attacker wallet addresses and asked central exchanges to halt all TAIKO deposits until they received official clearance from the protocol.
Security firms estimate Tyco’s total losses
On-chain security company Blockaid was the first to do this science Ongoing exploitation of Taiko’s ERC20 Vault on Ethereum. At the time, Blockaid estimated that total losses had already exceeded $1 million. Blockaid attributed the exploit to a weakness in the Taiko Bridge signal provenance verification mechanism.
According to Blockaid’s analysis, the system was manipulated to accept crafted proof messages as valid on the network Ethereum L1. The attackers created fake proofs that bypassed bridge verification, enabling them to log fraudulent cross-chain messages and withdraw assets from the ERC20 vault.
PeckShield later published its analysis, estimating the total loss at approximately $1.7 million. On-chain tracking platform Lookonchain also noted that the attacker’s wallet transferred 1.99 million TAIKO tokens to an address on MEXC, worth about $189,000.
#PeckShieldAlert @taikoxyz It was tapped for approximately $1.7 million.
The scalper has already transferred 1.99 million $Taiko (~ 189.12 thousand dollars) to #Mexicohttps://t.co/uJhqTYrqHH pic.twitter.com/Sl9kesSSUM
– Peak Shield Alert (@peakShieldAlert) June 22, 2026
According to Lookonchain, the rest of the stolen assets, estimated at $1.7 million, are still located in other wallets.
Taiko halted block production in the meantime, triggering a complete network shutdown designed to prevent further exploitation.
Upbit and Bithumb are taking measures to protect users
South Korea’s largest cryptocurrency exchanges, Upbit and Bithumb, suspended deposits and withdrawals at TAIKO within hours of the incident becoming public, citing an unspecified issue on the mainnet. Both exchanges have since placed TAIKO on their delisting watch lists.
In 2026, cross-chain breaches totaled Gravity Bridge ($5.4 million), Axelar-Secret Network ($4.67 million), Hyperbridge ($2.5 million), and Alephium TokenBridge ($815,000). DeFiLlama’s tracker shows more than 20 cryptocurrency hacks in June alone. So far, the Tycho vulnerability ranks as the most structurally significant of the month.
Taiko launched on the mainnet in May 2024 after two years of development. Taiko uniquely relies on Ethereum’s block validators to serialize transactions rather than a separate serialization network.
