Taiko, an Ethereum layer-2 blockchain, has urged its users to withdraw assets from the network’s bridges after an exploit on one of its bridge protocols saw attackers make off with $1.7 million in the latest decentralized finance hack this month.
“We have confirmed a compromise of Taiko’s chain state verification mechanism,” Taiko posted to X early on Monday. “As a result, the security assumptions of all bridges deployed on Taiko can no longer be relied upon.”
“We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately,” it added.
It is the latest in a series of crypto protocol exploits this month, which now number at least 23, according to DeFiLlama. The Humanity Protocol and Syscoin Bridge, which lost over $30 million and $8 million, respectively, have been the largest two exploits so far in June.
Source: Taiko
Taiko said it was coordinating partners to contain the incident and had paused affected systems.
Crypto security firm Blockaid said that the root cause appears to be a flaw in how the Taiko bridge validated source signals.
It said that message proofs were accepted as valid on Ethereum without corresponding legitimate proofs on the Taiko blockchain.
“This allowed the attacker to register and later retrieve fraudulent bridge messages, resulting in unauthorized asset releases from the ERC20 vault,” Blockaid said.
Blockaid estimated that at least $1 million had been stolen, while Lookonchain and PeckShield suggested the value of assets stolen could be as high as $1.7 million.
The exploiter has already transferred 1.99 million Taiko (TAIKO) tokens worth around $189,000 to MEXC, stated PeckShield. TAIKO is currently trading down 98% from its 2024 peak at $0.084, according to CoinGecko.
Related: Secret Network bridge exploited for $4.7M with ‘infinite mint’ bug
Blockchain intelligence firm Arkham shows Taiko exploiter wallets holding around $1.5 million, primarily in Ether (ETH).
The Taiko exploiter account holds more than $1.5 million in ETH. Source: Arkham Intelligence
Exploits in June are mounting up
The attack comes just days after the discovery on Friday of a smart contract exploit on the Secret Network, which resulted in the theft of $4.67 million worth of assets.
On Saturday, around $1.1 million was drained from the OLPC/LABUBU liquidity pool on PancakeSwap. LABUBU is a memecoin inspired by the popular toys of the same name.
Other notable exploits in June include Aztec Connect, RetoSwap, Raydium AMM, and the largest one so far this month, Humanity Protocol.
Magazine: Bitcoin decouples from tech stocks, Ether eyes ‘selling wave’: Market Moves
