Taiko issued a security notice this week confirming a compromise of its chain state verification mechanism, warning that security assumptions for all bridges deployed on the network could no longer be relied upon. The exploit, which occurred on June 21, 2025, allowed an attacker to drain 649,761.236201 USDC from the ERC20 vault. Taiko strongly advised users to immediately withdraw funds from all bridges and asked centralized exchanges to suspend TAIKO deposits until further notice.
The failure point
According to the notice, the vulnerability was in source-signal proof validation. Forged message proofs were accepted as valid on Ethereum L1 while the Taiko source chain lacked corresponding legitimate MessageSent events. Security firm Blockaid reported that crafted message proofs let the attacker register and later retrieve fraudulent bridge messages, resulting in unauthorized releases from the vault. On-chain evidence shows the USDC moved from Taiko’s ERC20 Vault to an address labeled “Taiko Bridge Exploiter 1” at 22:07:23 UTC on June 21, 2025.
What users were told
Taiko’s advice was blunt: withdraw funds from all bridges deployed on Taiko immediately. The exchange suspension request for TAIKO deposits was meant to prevent further exploitation while the team investigates. The incident highlights that the safe course for users was to pull funds before the bridge layer provided a full public explanation — a point the network itself acknowledged.
Why now?
The exploit happened a year ago, but Taiko only went public this week. The timing of the disclosure isn’t explained in the notice, leaving open questions about how long the vulnerability went undetected or why it took 12 months to confirm and alert users. The delay itself may draw scrutiny from the community.
Separately: a proposal for better L2 security
The article that reported this incident also referenced a proposal from Ethereum co-founder Vitalik Buterin for a hybrid-proof architecture to enhance L2 security and finality. It is unrelated to the Taiko compromise, but the parallel underscores ongoing efforts to harden bridge infrastructure across the ecosystem.
