Taiko Pauses Ethereum Layer-2 After Bridge Exploit

Taiko, an Ethereum layer-2 network, stopped block production on Monday after an attacker exploited its bridge and stole about $1.7 million. The project told users to withdraw funds and asked centralized exchanges to suspend deposits of its TAIKO token while it investigated the incident.

The development matters because bridges remain one of crypto’s most exposed infrastructure points. Taiko’s loss was limited compared with other major bridge incidents this year, but the attack used the same broad weakness in cross-chain messaging that has driven more than $340 million in losses across at least 14 bridge exploits in 2026.

According to Taiko, the attacker forged the proofs used to confirm that withdrawals corresponded to real deposits. That allowed fake withdrawal requests to be accepted on Ethereum without matching transactions on Taiko, draining assets from the bridge and token vault before the team halted activity.

Security firm BlockSec said its initial investigation pointed to a likely exposed signing key for Raiko, the proving stack Taiko uses to verify transactions. If such a key is compromised, an attacker can make fraudulent proofs appear legitimate to the verifier, enabling real assets to be released on Ethereum.

Taiko said the exploit had been contained by around 2 a.m. ET, with withdrawals through the main bridge and token vault halted. CoinDesk reported that the exploiter had moved about 2 million TAIKO, worth roughly $170,000, to an account on MEXC, and that Taiko was preparing a full incident report.