Ethereum-based rollup Taiko has confirmed a compromise of its chain state verification mechanism.
In a statement on the social media platform X, Taiko said that due to the compromise, all bridges deployed on the protocol are no longer considered secure.
"We are actively coordinating with the Security Council and ecosystem partners to contain the incident, pause affected systems where possible, and take all necessary technical and legal actions," Taiko wrote. "We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately."
Taiko also requested that centralized exchanges suspend deposits of its native token immediately until further notice from the protocol.
In a follow-up X post, Taiko wrote that all of its proposers have halted the production of new blocks while the team investigates the issue.
At around 2:08 a.m. ET on Monday, Taiko published an update saying that the exploit has been contained, and withdrawals through the L1 Bridge and the ERC20Vault have been fully stopped.
"What happened: an attacker exploited a flaw in our bridge message-proof verification," Taiko wrote in its latest update. "Forged message proofs were accepted on L1 without a legitimate event on the source chain, which let them register fraudulent withdrawals and pull funds from the bridge and token vault."
Taiko's confirmation of the exploit followed an earlier report from onchain security firm Blockaid, which pointed to a flaw in the Taiko bridge's source-signal proof validation as the likely root cause.
"Crafted message proofs were accepted as valid on Ethereum L1 without corresponding legitimate MessageSent events on the Taiko source chain," Blockaid wrote. "This allowed the attacker to register and later retrieve fraudulent bridge messages, resulting in unauthorized asset releases from the ERC20 vault."
While Blockaid reported the losses to be around $1 million, follow-up reports from onchain analytics platform PeckShield said the stolen amount totals around $1.7 million, and the exploiter has moved 1.99 million Taiko tokens (worth about $169,702) to an address on the MEXC exchange.
In its latest update, Taiko confirmed that the estimated losses were around $1.7 million before the pause. The team also said it is preparing a full post-mortem of the incident.
Taiko is a based rollup — a type of rollup that relies on Ethereum block validators to sequence transactions. It launched on mainnet in May 2024 after being in development since 2022.
Story updated at 3:10 a.m. Monday ET with Taiko's latest announcement.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
