Taiko, an Ethereum scaling solution, confirmed on June 22 that its bridge was compromised. Hackers drained about $1.7 million from Taiko's ERC-20 vault before the team could stop withdrawals. The exploit targeted a specific weakness in how the bridge validates cross-chain messages.
What went wrong
The vulnerability was in Taiko's bridge source-signal proof validation mechanism. That's the part of the system that checks whether a message sent from another chain is legitimate. Hackers found a way to bypass those checks and pull funds from the vault.
Immediate response
Taiko halted withdrawals as soon as the breach was detected. The pause lasted for about six hours, according to the team. By then, the $1.7 million was already gone. The stolen assets were in various ERC-20 tokens, though Taiko hasn't listed which ones.
The team is still investigating how the attacker identified the flaw and whether any funds can be recovered. They haven't announced a timeline for reopening withdrawals or deploying a patch. For now, users are stuck waiting — and wondering if this is a one-off bug or a deeper issue in Taiko's chain state verification system.
