Critical vulnerability in Taiko: hacker compromised verification mechanism and stole $1.7 million
On June 22, a serious security incident occurred in the ecosystem of the L2 solution Taiko. An attacker managed to hack the blockchain state verification mechanism of the network, jeopardizing all bridges deployed on the platform.
Taiko developers promptly confirmed the compromise and stated that the security of bridge protocols can no longer be trusted. Users are strongly advised to immediately withdraw all funds from bridges integrated with the network. Coordination efforts are underway with the security council and key ecosystem partners. Additionally, the team has asked centralized exchanges to suspend deposits of the TAIKO token until an official notice of situation stabilization is received.
Scale of Damage and Market Reaction
Analysts at Lookonchain estimated the damage from the attack at approximately $1.7 million. The hacker stole native TAIKO tokens and various "wrapped" ETH. Part of the stolen funds — 1.99 million TAIKO (about $189,000) — has already been deposited on the MEXC exchange. At the time of publication, the attacker still held 870.8 ETH, equivalent to roughly $1.52 million.
The market reacted immediately: within a day, the TAIKO rate collapsed by 11% — from $0.09 to $0.07. The 15-minute chart of the TAIKO/USDT pair on HTX shows a sharp decline right after the news was published.
Context and Conclusions
This incident highlights the fragility of security in the cross-chain bridge segment. Just a few days before the attack on Taiko, on June 19, a bridge between Axelar and Secret Network was hacked with damages of $4.67 million — the attacker exploited an "infinite mint" vulnerability. Such events underscore that even established L2 solutions are not immune to critical code errors.
Expert opinion. The Taiko hack is another alarming signal for the entire industry. The vulnerability of the blockchain state verification mechanism calls into question the fundamental security principles of L2 networks. Until the team provides a detailed report on the cause of the attack and implements reliable patches, trust in the project will remain undermined. Investors should reconsider the risks of using bridge protocols, especially in an environment where attackers are increasingly targeting basic infrastructure.