Taiko, an Ethereum-equivalent rollup that settles activity back to the mainnet, lost roughly $1.7 million after an attacker compromised its chain-state verification mechanism. The team confirmed the breach Wednesday and warned that bridge security assumptions on the network can no longer be trusted. They're urging users to immediately withdraw funds from all bridges deployed on Taiko.
How the exploit worked
Blockaid flagged the exploit in a post on X, and Taiko quickly confirmed the compromise. The attacker targeted the chain-state verification system — a critical function that ensures data posted by the rollup is valid before it's accepted. Once that check was broken, the attacker could trick the system into releasing funds it shouldn't have. Taiko said the bridge security assumptions are now effectively void.
Where the funds went
The attacker moved 1.99 million TAIKO tokens — worth about $189,000 — to the exchange MEXC. They still hold 870.8 ETH, valued at nearly $1.52 million. Taiko published four attacker addresses and asked centralized exchanges to suspend TAIKO deposits until further notice.
What Taiko is doing now
The team is coordinating with its Security Council and ecosystem partners to contain the incident. Taiko said it may take technical and legal action. In addition to the deposit freeze request, it advised users to withdraw funds from all bridges immediately. The four published addresses are: 0x7506DeA0c38ca0B55364B22424374c5A1ae1B76a, 0x5fbc60a12bc6635e7d587d8dac52e4b1388b4990, 0x3cc936b795a188f0e246cbb2d74c5bd190aecf18, and 0x9108828e30f2de407aadb0af677b4a9228e4acd4.
June’s growing tally of hacks
DefiLlama counts more than 20 crypto hacks in June 2026 alone. Historically, bridges have ranked among crypto’s costliest weak points, and this year has been no exception. Whether Taiko can recover the stolen funds or trace the attacker further remains unclear — the team has not set a deadline for its next update.
