Critical vulnerability in Taiko: hacker withdraws $1.7 million through compromised verification mechanism

On June 22, the team behind the Layer 2 (L2) solution Taiko confirmed the compromise of the blockchain state verification mechanism. The incident has catastrophic consequences for the entire ecosystem: the security of any bridge deployed on the network can no longer be relied upon. Users are strongly advised to immediately withdraw all funds from bridge protocols on Taiko.
Coordination with the security council and key partners has already begun. The team has also asked centralized exchanges to temporarily suspend deposits of the TAIKO token until official notice. This is a standard but necessary measure to prevent further damage.
According to estimates from the analytics platform Lookonchain, the damage from the attack amounts to approximately $1.7 million. The attacker stole native TAIKO tokens and various wrapped versions of Ethereum (wETH). Part of the stolen funds, 1.99 million TAIKO (about $189,000), has already been sent to the MEXC exchange. At the time of writing, the hacker still held 870.8 ETH (about $1.52 million).
The market reaction was immediate. Over the course of a day, the price of the TAIKO coin collapsed by 11% — from $0.09 to $0.07. The decline could have been deeper had it not been for the team's prompt actions to block deposits on exchanges.
Analytical commentary: This incident is yet another stark reminder that the security of L2 solutions directly depends on the reliability of their verification mechanisms. The compromise of one such mechanism jeopardizes all liquidity locked in bridges. Users should reassess their risks when using bridge protocols, especially in the early stages of L2 network development.