Taiko Network Halted After Exploit Hit, Sparking Steep Drop in Token Price

Taiko halted block production on its Ethereum layer-2 network and advised users to withdraw funds after detecting a bridge exploit early Monday. The project estimated losses at around $1.7 million before containing the incident, while the TAIKO token—valued at roughly $14.5 million in market cap—fell more than 20% during the session.

The attacker was able to forge withdrawal proofs used by the bridge to confirm that withdrawals matched valid deposits. This allowed fraudulent withdrawal requests to be accepted on Ethereum without corresponding transactions on Taiko’s chain, enabling funds to be drained from the bridge and token vault, according to the team.

Bridges are cross-chain protocols that facilitate asset transfers between networks such as Taiko and Ethereum. Layer-2 systems process transactions off-chain and later settle them on Ethereum to improve scalability and reduce costs.

Initial findings suggest the exploit may have stemmed from a compromised signing key used in generating validity proofs. Security firm BlockSec said a Raiko signing key—responsible for producing these proofs—appears to have been exposed publicly on GitHub.

Such keys are typically stored in secure hardware environments to prevent tampering. If exposed, attackers can impersonate legitimate provers, generate seemingly valid proofs, and trick the system into approving unauthorized Ethereum withdrawals.

In response, Taiko urged users to withdraw from all bridges, requested centralized exchanges to suspend TAIKO deposits, and temporarily halted block production during the investigation.

By around 2 a.m. ET, the team said the exploit had been contained and withdrawals via the main bridge and token vault were stopped. The attacker had already transferred about 2 million TAIKO—worth roughly $170,000—to an address on the MEXC exchange.

While the direct financial impact was limited, the incident underscores persistent vulnerabilities in cross-chain bridge infrastructure, a frequent target for DeFi exploits.

Similar cases include $292 million drained from Kelp DAO’s bridge in April and $11.4 million stolen from the Verus-Ethereum bridge in May. Across 2026, bridge-related exploits have exceeded $340 million in losses across at least 14 incidents, highlighting the continued security risks in the sector.