Taiko Layer-2 Network Suffers $1.7M Exploit Due to Exposed SGX Signing Key
Taiko, an Ethereum layer-2 network using zero-knowledge rollups, confirmed a security breach in its chain state verification mechanism, prompting users to withdraw funds from all bridges on the platform. The incident, disclosed in a Sunday security notice, revealed that the protocol’s security assumptions for its bridges could no longer be trusted.
While Taiko did not release details on the cause or losses, blockchain security firm BlockSec Phalcon estimated damages exceeding $1.7 million. The attack was traced to an exposed Raiko SGX enclave signing key, which was publicly accessible on GitHub. The compromised key allowed attackers to register malicious SGX instances, generate fraudulent proofs, and manipulate Taiko’s verification contracts. This enabled the theft of Ethereum-based assets from the protocol’s ERC20Vault via a forged bridge message.
Taiko, co-founded by former Loopring CEO Daniel Wang, launched its mainnet in May 2024 as a scalable solution for Ethereum. The team is coordinating with its Security Council and partners to mitigate the breach, pausing affected systems and pursuing technical and legal responses.
The incident follows a surge in DeFi exploits, including a $292 million theft from KelpDAO in April (linked to North Korea’s Lazarus Group) and a $1.34 million loss on Solana-based Raydium earlier this month. In total, DeFi protocols have lost over $840 million in the first five months of 2024.
Source: https://decrypt.co/371769/ethereum-layer-2-taiko-withdraw-bridge-funds-security-breach
Taiko TPRM report: https://www.rankiteo.com/company/taiko-labs
"id": "tai1782147968",
"linkid": "taiko-labs",
"type": "Breach",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{
  "affected_entities": [
    {
      "industry": "Decentralized Finance (DeFi)",
      "name": "Taiko",
      "type": "Blockchain protocol"
    }
  ],
  "attack_vector": "Exposed SGX signing key",
  "customer_advisories": "Withdraw funds from all bridges on the platform",
  "description": "Taiko, an Ethereum layer-2 network using zero-knowledge rollups, confirmed a security breach in its chain state verification mechanism, prompting users to withdraw funds from all bridges on the platform. The incident revealed that the protocol’s security assumptions for its bridges could no longer be trusted due to an exposed Raiko SGX enclave signing key, which allowed attackers to register malicious SGX instances, generate fraudulent proofs, and manipulate Taiko’s verification contracts to steal Ethereum-based assets.",
  "impact": {
    "brand_reputation_impact": "Yes",
    "financial_loss": "$1.7 million",
    "operational_impact": "Paused affected systems, users advised to withdraw funds",
    "systems_affected": "Taiko’s verification contracts, ERC20Vault, bridges"
  },
  "initial_access_broker": {
    "entry_point": "Exposed Raiko SGX enclave signing key on GitHub",
    "high_value_targets": "Taiko’s verification contracts, ERC20Vault"
  },
  "investigation_status": "Ongoing",
  "lessons_learned": "Security assumptions for bridges must be rigorously validated; sensitive keys must not be publicly accessible.",
  "motivation": "Financial gain",
  "post_incident_analysis": {
    "corrective_actions": "Enhance key management practices, improve security audits, and strengthen verification mechanisms.",
    "root_causes": "Exposed SGX signing key allowed malicious SGX instances to be registered, enabling fraudulent proofs and asset theft."
  },
  "recommendations": "Implement stricter access controls for signing keys, conduct regular security audits, and enhance monitoring of critical infrastructure.",
  "references": [
    { "source": "Taiko Security Notice" },
    { "source": "BlockSec Phalcon" }
  ],
  "regulatory_compliance": {
    "legal_actions": "Pursuing technical and legal responses"
  },
  "response": {
    "communication_strategy": "Public security notice",
    "containment_measures": "Paused affected systems, advised users to withdraw funds",
    "incident_response_plan_activated": "Yes",
    "remediation_measures": "Coordinating with Security Council and partners to mitigate the breach",
    "third_party_assistance": "BlockSec Phalcon (security firm)"
  },
  "stakeholder_advisories": "Users advised to withdraw funds from bridges",
  "title": "Taiko Layer-2 Network Suffers $1.7M Exploit Due to Exposed SGX Signing Key",
  "type": "Exploit",
  "vulnerability_exploited": "Publicly accessible Raiko SGX enclave signing key on GitHub"
}