Ethereum-based rollup protocol Taiko has issued an urgent security notice confirming a compromise of its chain state verification mechanism. The team warned that the security assumptions of all bridges deployed on Taiko can no longer be relied upon and strongly advised users to withdraw their funds immediately.
Taiko issues emergency security notice, shares attacker addresses
In a two-part post on X, Taiko confirmed that its chain state verification mechanism had been compromised. The team stated that it is actively coordinating with the Security Council and ecosystem partners to contain the incident, pause affected systems where possible, and take all necessary technical and legal actions.
“We strongly advise all users to withdraw their funds from all bridges deployed on Taiko immediately,” the team wrote.
In the second part of its announcement, Taiko urgently requested all centralized exchanges (CEXs) to suspend TAIKO deposits immediately and only re-enable them upon official notice from the project. The team also disclosed four attacker wallet addresses to help exchanges and security firms track and freeze the stolen funds:
0x7506DeA0c38ca0B55364B22424374c5A1ae1B76a
0x5fbc60a12bc6635e7d587d8dac52e4b1388b4990
0x3cc936b795a188f0e246cbb2d74c5bd190aecf18
0x9108828e30f2de407aadb0af677b4a9228e4acd4
Block production halted as investigation continues
In a follow-up post, Taiko confirmed that all Taiko proposers have temporarily stopped producing new blocks while the team investigates and works to resolve the issue. This effectively means the network has come to a standstill as a containment measure, preventing any further transactions or potential exploitation while the breach is being assessed.
Earlier, blockchain security firm Blockaid flagged that Taiko’s ERC20 Vault on Ethereum had been attacked, with estimated losses exceeding $1 million. Preliminary analysis from Blockaid indicated that the vulnerability stemmed from a flaw in the source-signal proof verification mechanism of Taiko’s bridge.
This suggests the attacker was able to forge or manipulate proof data to bypass the bridge’s validation checks and drain assets from the vault.
Another Bridge exploit in a brutal year for DeFi security
The Taiko incident adds to what has already been one of the worst years on record for cross-chain bridge exploits. Bridge vulnerabilities remain the most targeted attack surface in decentralized finance, with billions of dollars lost across protocols over the years.
In 2026 alone, notable bridge-related breaches have hit Gravity Bridge ($5.4 million), Axelar-Secret Network ($4.67 million), Alephium TokenBridge ($815,000), and Hyperbridge ($2.5 million), among others. The largest single exploit of the year targeted KelpDAO’s LayerZero-based bridge for approximately $292 million in April.
The Taiko team has stated that further updates will be provided as more information becomes available. Users with funds on any Taiko-deployed bridge are strongly advised to withdraw their assets immediately.
This is a developing story.
Also Read: Weekly Wrap: $122M Liquidated After FOMC Holds Rates, Morgan Stanley Enters ETH ETF Race