{"id":32598,"date":"2026-06-22T05:45:43","date_gmt":"2026-06-22T05:45:43","guid":{"rendered":"https:\/\/bitunikey.com\/news\/taiko-warns-users-to-exit-bridges-after-1m-vault-exploit\/"},"modified":"2026-06-22T05:45:49","modified_gmt":"2026-06-22T05:45:49","slug":"taiko-warns-users-to-exit-bridges-after-1m-vault-exploit","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/taiko-warns-users-to-exit-bridges-after-1m-vault-exploit\/","title":{"rendered":"Taiko warns users to exit bridges after $1m vault exploit"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Taiko has urged users to withdraw funds from all bridges deployed on its network after confirming a compromise of its chain state verification mechanism.\u00a0<\/p>\n<div id=\"cn-block-summary-block_1b4e959736af3aa97a025270011c73b5\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Taiko urged users to withdraw bridge funds after confirming a chain verification mechanism compromise.<\/li>\n<li>Blockaid said flawed source-signal proof checks enabled unauthorized releases from Taiko\u2019s ERC20 Vault on Ethereum.<\/li>\n<li>Taiko also stopped proposers from producing blocks and asked exchanges to suspend TAIKO deposits immediately.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>The Ethereum Layer 2 project said the security assumptions behind its bridge system could no longer be relied upon.<\/p>\n<p>The <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/taikoxyz\/status\/2068857506718515320?s=20\" target=\"_blank\" rel=\"nofollow\">notice<\/a> followed alerts from blockchain security firm Blockaid, which said its exploit detection system found an ongoing attack on Taiko\u2019s ERC20 Vault on Ethereum. <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/blockaid_\/status\/2068832205250412661?s=20\" target=\"_blank\" rel=\"nofollow\">Blockaid<\/a> put losses at more than $1 million and shared the victim contract, attacker wallet and exploit transactions.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\u26a0\ufe0f Security Notice<\/p>\n<p>We have confirmed a compromise of Taiko\u2019s chain state verification mechanism. As a result, the security assumptions of all bridges deployed on Taiko can no longer be relied upon.<\/p>\n<p>We are actively coordinating with the Security Council and ecosystem partners to\u2026<\/p>\n<p>\u2014 Taiko.eth \ud83e\udd41 (@taikoxyz) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/taikoxyz\/status\/2068857506718515320?ref_src=twsrc%5Etfw\">June 22, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h2 class=\"wp-block-heading\"><strong>Blockaid points to Taiko proof validation flaw<\/strong><\/h2>\n<p>Blockaid said the likely root cause was a flaw in Taiko bridge source-signal proof validation. The firm said crafted message proofs were accepted as valid on Ethereum L1 even though there were no matching legitimate \u201cMessageSent\u201d events on the Taiko source chain.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The root cause appears to be a flaw in Taiko bridge source-signal proof validation. Crafted message proofs were accepted as valid on Ethereum L1 without corresponding legitimate MessageSent events on the Taiko source chain.<\/p>\n<p>This allowed the attacker to register and later\u2026<\/p>\n<p>\u2014 Blockaid (@blockaid_) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/blockaid_\/status\/2068832536642326566?ref_src=twsrc%5Etfw\">June 21, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>That allowed the attacker to register and later retrieve fraudulent bridge messages, leading to unauthorized asset releases from the ERC20 vault. Taiko later confirmed a broader verification problem and said it was working with the Security Council and ecosystem partners.<\/p>\n<p>Moreover, Taiko also <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/taikoxyz\/status\/2068892212876980236?s=20\" target=\"_blank\" rel=\"nofollow\">said<\/a> all proposers had temporarily stopped producing new blocks while the team investigates and resolves the issue. The project asked centralized exchanges to suspend TAIKO deposits immediately and said deposits should resume only after an official notice.<\/p>\n<p>The team <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/taikoxyz\/status\/2068858820332556566?s=20\" target=\"_blank\" rel=\"nofollow\">published<\/a> several attacker addresses as part of its update. It said it would take technical and legal steps where needed, but did not give a timeline for restoring bridge security or restarting block production.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Bridge risks remain in focus<\/strong><\/h2>\n<p>Taiko is a Type 1 Ethereum-equivalent ZK-EVM rollup designed as a based rollup, where Ethereum L1 validators are expected to help order transactions. The network launched mainnet in May 2024 and supports Ethereum-compatible smart contracts and tools.<\/p>\n<p>Meanwhile, crypto.news recently reported that cross-chain bridge exploits caused $28.6 million in May losses, or about 42% of that month\u2019s total reported by CertiK.<\/p>\n<p>The incident comes after other cross-chain security failures this year. As previously reported by crypto.news, Verus Protocol\u2019s Ethereum bridge lost more than $11.5 million in a forged-transfer exploit, while Axelar disabled Secret Network bridge routes after a $4.7 million exploit.<\/p>\n<p>Moreover, as crypto.news earlier reported, an old Aztec Connect contract lost about $2.1 million after a verification mismatch let unbacked balances move through Ethereum settlement records.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Taiko has urged users to withdraw funds from all bridges deployed on its network after confirming a compromise of its chain state verification mechanism.\u00a0 Summary Taiko urged users to withdraw&hellip;<\/p>\n","protected":false},"author":1,"featured_media":29669,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-32598","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/32598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=32598"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/32598\/revisions"}],"predecessor-version":[{"id":32599,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/32598\/revisions\/32599"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/29669"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=32598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=32598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=32598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}