Taiko confirmed on June 22 that its chain-state verification mechanism had been compromised, telling users to withdraw from all network bridges immediately and asking all centralized exchanges to suspend TAIKO deposits.

Taiko published an emergency security notice on X on June 22, stating that it had confirmed a compromise of its chain-state verification mechanism. Taiko said it was working with its Security Council and ecosystem partners to contain the incident. The Ethereum layer 2 project said they are pausing all affected systems and taking all necessary technical and legal actions.

Taiko urged users to withdraw from all bridges immediately, with further notice to follow once the situation stabilized.

Shortly after, the team published a second post listing two attacker wallet addresses and requested that centralized exchanges halt all TAIKO deposits until they received official clearance from the protocol. 

Security firms estimate Taiko’s total losses

On-chain security firm Blockaid was the first to flag the ongoing exploit on Taiko’s ERC20 Vault on Ethereum. At the time, Blockaid estimated that total losses had already exceeded $1 million. Blockaid attributed the exploit to a weakness in Taiko’s bridge source-signal proof verification mechanism. 

According to Blockaid’s analysis, the system was manipulated to accept crafted proof messages as valid on the Ethereum L1. The attackers created fake proofs that bypassed the bridge’s verification, enabling them to register fraudulent cross-chain messages and withdraw assets from the ERC20 vault. 

PeckShield later published its analysis, estimating the total loss to be approximately $1.7 million. On-chain tracking platform Lookonchain also noted that the attacker’s wallet had moved 1.99 million TAIKO tokens to an address on MEXC, worth about $189,000.

#PeckShieldAlert @taikoxyz has been exploited for ~$1.7M.

The exploiter has already transferred 1.99M $TAIKO (~$189.12K) to #MEXChttps://t.co/uJhqTYrqHH pic.twitter.com/Sl9kesSSUM

— PeckShieldAlert (@PeckShieldAlert) June 22, 2026

According to Lookonchain, the rest of the estimated $1.7 million in stolen assets was still sitting in other wallets.

Taiko halted block production in the interim, creating a full network standstill designed to prevent further exploitation.

Upbit and Bithumb take action to protect users

South Korea’s largest cryptocurrency exchanges, Upbit and Bithumb, both suspended TAIKO deposits and withdrawals within hours of the incident going public, citing an unspecified issue on the mainnet. Both exchanges have since placed TAIKO on their delisting watchlists.

In 2026, total cross-chain breaches have hit Gravity Bridge ($5.4 million), Axelar-Secret Network ($4.67 million), Hyperbridge ($2.5 million), and Alephium TokenBridge ($815,000). DeFiLlama’s tracker shows more than 20 crypto hacks in June alone. So far, the Taiko exploit ranks as the month’s most structurally significant.

Taiko launched on mainnet in May 2024 after two years of development. Taiko uniquely relies on Ethereum’s own block validators to sequence transactions rather than a separate sequencer network.

The smartest crypto minds already read our newsletter. Want in? Join them.