Taiko Halts Its Ethereum Layer 2 After a Bridge Exploit: What Happened and How to Protect Your Funds
— By Tony Rabbit in News

On June 22, 2026, Ethereum Layer 2 Taiko confirmed a bridge exploit, halted block production, and urged users to withdraw from every bridge on its network before saying the incident was contained. Security firms estimate the loss at roughly 1.7 million dollars from forged proofs. Here is what happened, how the attack worked, and what on-chain users should do when a bridge issues a warning.
On June 22, 2026, Taiko, an Ethereum Layer 2 network, confirmed a security breach on its cross-chain bridge, halted block production, and issued an emergency notice telling users to withdraw funds from every bridge on the network. According to Taiko's official account, the security assumptions underlying all of its bridges could no longer be relied upon, and the team asked centralized exchanges to suspend TAIKO deposits while it investigated. Several hours later Taiko posted an update saying the incident had been contained, with its bridge and token vault paused and the earlier withdrawal advice no longer in effect.
The dollar amount involved was modest by the standards of major crypto hacks, but the way the attack worked makes it one of the more technically notable bridge incidents of the year. Here is a clear, sourced breakdown.
What Taiko is and why a bridge exploit matters
Taiko is a decentralized, Ethereum-equivalent (Type-1) zkEVM rollup, often described as a based rollup because it delegates transaction sequencing to Ethereum Layer 1 validators instead of running a single centralized sequencer. To move assets between Ethereum and Taiko, the network uses a native bridge that cryptographically proves a withdrawal on one chain matches a real message or deposit on the other. In plain terms, a withdrawal on Ethereum should only be valid if it corresponds to a genuine transaction on Taiko. If you are new to the project, our guide on what Taiko is and how its Type-1 zkEVM works covers the basics.
That proof check is the entire security model of the bridge. Defeat it, and you can convince the bridge to release real funds for a withdrawal that never happened. That appears to be exactly what the attacker did.
How the attack worked
According to security firm BlockSec, whose findings were reported by Decrypt and CoinDesk, the attacker generated fraudulent proofs that Taiko's verification contracts accepted as genuine, then forged a signal for a fake bridge message that released assets from the network's ERC20 token vault. BlockSec's preliminary investigation traced the likely cause to a Raiko prover signing key, tied to an Intel SGX secure enclave, that had been left publicly exposed on GitHub. Taiko had not published a full postmortem confirming the root cause at the time of writing, so this remains a security-firm finding rather than a confirmed official explanation.
The detail matters because Taiko's prover system is supposed to anchor trust in secure hardware. Provers register and post bonds, and an SGX signing key is meant to stay sealed inside the enclave so that only legitimate proofs are accepted. If that key is exposed, an attacker can register rogue prover instances and sign proofs the network treats as valid. This is not a classic smart-contract bug so much as a key-management and trust-model failure, a pattern that has defined several of 2026's largest bridge incidents.
How much was lost
Security firms BlockSec and PeckShield independently estimated the loss at roughly 1.7 million dollars, primarily in USDC and ETH. Taiko itself did not publish a loss figure. On-chain trackers cited by CoinDesk also flagged that the attacker moved close to 2 million TAIKO, worth around 170,000 dollars, toward the MEXC exchange. The TAIKO token fell materially on the day, with reports ranging from roughly 10 percent to more than 20 percent depending on the snapshot time, as the news spread during an intraday move.
For perspective, that estimated 1.7 million dollar loss is small relative to TAIKO's market capitalization of around 14 million dollars on June 22, 2026, according to CoinGecko. The damage here is as much about confidence in the bridge's trust model as it is about the size of the theft.
Contained, but a warning for the sector
Taiko said it activated its Security Council, paused the affected bridge and token vault, and stopped withdrawals through them, which is why its initial withdrawal guidance no longer applied once the incident was contained. The team also said it would strengthen controls around prover registration and verification.
The episode lands in a year when bridges have again been crypto's most-exploited surface. Industry tallies cited by trade press put 2026 bridge-hack losses in the hundreds of millions of dollars, led by the roughly 292 million dollar KelpDAO incident in April that we covered in our roundup of 2026's largest DeFi hacks. A recurring theme across these incidents is that the weak point is increasingly off-chain infrastructure and key management, not the on-chain contracts themselves.
What to do when a bridge or L2 issues a warning
Incidents like this are a reminder that self-custody includes incident response. If a network you use tells people to withdraw, move quickly but carefully. Where withdrawals are still open, move funds back to Ethereum Layer 1 or to a chain that is not affected. Just as important, revoke token approvals you have granted to the affected bridge or app. Disconnecting your wallet from a site is not the same as revoking an on-chain approval, which persists until you cancel it, and a token approval checker lets you see and revoke standing permissions.
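Added example, not part of the original article: because an approval lives in the token contract until an approve-to-zero transaction is mined, an owner's standing approvals can be rebuilt from ERC-20 Approval event logs in the shape eth_getLogs returns. The function names, the placeholder addresses and the sample logs are constructed for illustration.

```python
# Added example: rebuild an owner's standing ERC-20 approvals from event logs.
# Event: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def standing_approvals(logs, owner):
    """Return {(token, spender): last approved value} for non-zero approvals."""
    latest = {}
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        t = log["topics"]
        # ERC-721 reuses this topic0 but also indexes tokenId (4 topics): skip it.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(t[1]) != owner.lower():
            continue
        value = int(log["data"], 16) if len(log["data"]) > 2 else 0
        latest[(log["address"].lower(), topic_to_address(t[2]))] = value
    # approve(spender, 0) is the revocation; any other last value is still live.
    # Logged values are an upper bound: the token's allowance() is authoritative.
    return {k: v for k, v in latest.items() if v > 0}

def tokens_to_revoke(logs, owner, spender):
    """Tokens on which `owner` still has a live approval for `spender`."""
    live = standing_approvals(logs, owner)
    return sorted(tok for (tok, sp) in live if sp == spender.lower())

# Constructed sample data: placeholder addresses, not real contracts or wallets.
OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "ab" * 20
BRIDGE, DEX = "0x" + "bb" * 20, "0x" + "cc" * 20

def mk(token, owner, spender, value, block, idx):
    topics = [APPROVAL_TOPIC] + ["0x" + a[2:].rjust(64, "0") for a in (owner, spender)]
    return {"address": token, "topics": topics, "data": "0x" + format(value, "064x"),
            "blockNumber": hex(block), "logIndex": hex(idx)}

SAMPLE_LOGS = [
    mk(TOKEN_A, OWNER, BRIDGE, UNLIMITED, 16, 0),  # unlimited approval, never revoked
    mk(TOKEN_B, OWNER, BRIDGE, 500, 17, 2),        # approved ...
    mk(TOKEN_B, OWNER, BRIDGE, 0, 21, 0),          # ... then revoked on-chain
    mk(TOKEN_A, OWNER, DEX, 250, 18, 1),           # different spender
    mk(TOKEN_A, OTHER, BRIDGE, 100, 19, 0),        # another wallet's approval
]
```

Calling tokens_to_revoke(SAMPLE_LOGS, OWNER, BRIDGE) lists only the token whose bridge approval was never set back to zero, which is the state a wallet disconnect leaves untouched.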
Before moving back into any token after an incident, it is worth re-verifying what you are interacting with. You can run a contract through the DEXTools Token Safety Checker for honeypot, mint and ownership flags, and if you bridge regularly, our guide on crypto bridge costs and risks covers what to watch. Always confirm instructions through a project's verified official channels, since attackers often follow an exploit with fake recovery or refund links. This article is information only and is not financial advice.