Taiko Faces $1.7M Exploit, Urges Immediate Fund Withdrawal

On June 22, Taiko's ERC20 vault on Ethereum was exploited, resulting in a $1.7 million loss due to forged cross-chain message proofs. The stolen funds, primarily in Taiko's TKO token, were quickly deposited into MEXC and other wallets.

Security firm Blockaid identified a flaw in Taiko's bridge proof mechanism, which failed to confirm the existence of a legitimate MessageSent event on the Taiko chain before approving withdrawals. This loophole allowed the attacker to create counterfeit proofs, permitting unauthorized vault access.

Initial estimates by Blockaid indicated losses exceeding $1 million, later revised to about $1.7 million following further on-chain scrutiny.

The attacker acted swiftly, transferring roughly $2 million in TKO tokens to exchanges, raising concerns about potential sell pressure on the market. As of now, Taiko Labs has not provided any public statement regarding recovery efforts or the security of remaining funds.

With Taiko operating as a rollup reliant on Ethereum, this exploit highlights vulnerabilities inherent in cross-chain bridges. Investors worry not only about the immediate loss but potential ongoing risks without clarity from Taiko Labs.