Taiko urged users to withdraw funds from all bridges spread on its network after confirming that its chain state verification mechanism had been hacked.
summary
- Taiko urged users to withdraw bridge funds after confirming that there has been a settlement of the chain verification mechanism.
- Blockaid said flawed source signal proof checks enabled unauthorized releases from Taiko’s ERC20 Vault on Ethereum.
- Taiko also stopped bidders from producing blocks and asked exchanges to immediately suspend TAIKO deposits.
The Ethereum Layer 2 project said the security assumptions behind its bridge system can no longer be relied upon.
the He notices These warnings followed alerts from blockchain security firm Blockaid, which said its exploit detection system detected an ongoing attack on Taiko’s ERC20 Vault on Ethereum. Siege He estimated losses at more than $1 million and was involved in the victim’s contract, the attacker’s wallet, and exploit transactions.
Blockaid points out a flaw in Taiko’s proof validation
Blockaid said the likely root cause is a flaw in the validation of the Taiko bridge source signal. The prepared message proofs were accepted as valid on Ethereum L1 even though there were no corresponding legitimate “MessageSent” events on the Taiko source chain, the company said.
This allowed the attacker to record and later retrieve fraudulent bridge messages, resulting in unauthorized asset releases from the ERC20 vault. Tyco later confirmed the existence of a broader verification issue and said it was working with the Security Council and ecosystem partners.
Moreover, Taiko too He said All bidders have temporarily stopped producing new blocks while the team investigates and resolves the issue. The project asked central exchanges to immediately suspend TAIKO deposits, and said deposits should only resume after official notice.
team published Several attacker addresses were released as part of the update. It said it would take technical and legal steps when needed, but did not set a timetable for restoring the security of the bridge or resuming block production.
Bridge risks remain in focus
Taiko is an Ethereum-equivalent type-1 ZK-EVM pool designed as a backlog-based pool, where Ethereum L1 validators are expected to help rank transactions. The network launched the mainnet in May 2024 and supports Ethereum-compatible smart contracts and tools.
Meanwhile, crypto.news recently I mentioned Cross-chain bridge exploits caused $28.6 million in losses in May, or about 42% of that month’s total reported by CertiK.
This incident comes after other security failures across the chain this year. Ditto I mentioned By crypto.news, Verus Protocol’s Ethereum bridge lost over $11.5 million in a forged transfer exploit, while Axelar lost helpless Secret network bridge tracks after exploiting $4.7 million.
Moreover, as crypto.news reported earlier, the old Aztec Connect contract She lost about $2.1 million After the verification mismatch, let the unsupported balances move through the Ethereum settlement records.
