On June 21, 2026, an attacker drained approximately $1.7 million (later rising to $2.2 million) from Taiko's bridge by exploiting an RSA private key used for Intel SGX enclave signing that had been publicly committed... The attacker forged SGX attestations, registered rogue provers, and drained the ERC 20 Vault.

Create a landscape editorial hero image for this Studio Global article: Search & fact-check with cited sources for What four-step restart plan has Ethereum Layer 2 project Taiko announced following its June 21 br. Article summary: On June 21, 2026, Ethereum Layer 2 project Taiko suffered a bridge exploit that drained approximately $1.7 million (some later estimates rose to ~$2.2 million) after an attacker leveraged an exposed Raiko Intel SGX encla. Topic tags: general, general web, user generated. Style: premium digital editorial illustration, source-backed research mood, clean composition, high detail, modern web publication hero. Use reference image context only for broad subject, composition, and topical grounding; do not copy the exact image. Avoid: logos, brand marks, copyrighted characters, real person likenesses, fake screenshots, UI text, readable text, watermarks, charts with fa
On June 21, 2026, Ethereum Layer 2 project Taiko suffered a bridge exploit that drained approximately $1.7 million (and potentially up to ~$2.2 million) after an attacker leveraged an exposed Raiko Intel SGX enclave signing key that had been publicly leaked on GitHub . The team has since announced a four-step staged restart plan, confirmed that no user funds will be lost, and implemented additional security, legal, and anti-phishing measures.
The root cause of the exploit was an RSA private key — the Raiko SGX enclave signing key — that was inadvertently exposed on GitHub . This key, used by the Raiko prover to cryptographically sign attestations of correct block verification, had been publicly committed to the taikoxyz/raiko repository for roughly two years
. An attacker used the leaked key to register rogue provers and forge withdrawal proofs on Taiko's cross-chain bridge
. Specifically, they crafted a forged message proof that was accepted on Ethereum L1 without a legitimate event being generated on the source chain, allowing them to drain assets from the ERC-20 Vault
. The exploit was first detected by security firm BlockSec, which identified the exposed Raiko signing key on GitHub as the root cause
. The stolen assets were primarily in USDC and ETH
.
After independent security reviews confirmed the attack path was closed, Taiko outlined a phased restart :
Step 1 — Restore chain activity. Bring the Taiko L2 network back online and resume normal block production after deploying the security patch .
Step 2 — Ensure bridge assets are fully backed 1:1. Before the bridge reopens, the team will fully replenish all undercollateralized bridged assets, making user balances 100% backed .
Step 3 — Reopen L2 activity fully. Allow normal L2 transactions to resume with the patched infrastructure .
Step 4 — Unpause bridge withdrawals under conservative quotas. Withdrawals from the bridge will be reintroduced gradually with quotas to maintain safety during the initial period .
Taiko explicitly stated that "this incident will not result in any loss of user funds" . The exploit left the bridge temporarily undercollateralized. Taiko committed to fully replenishing the missing collateral before reopening the bridge, ensuring all user balances are 1:1 backed
. The team is collaborating with the Taiko DAO Council and Security Council to coordinate the recovery
. A formal report was also submitted to Singaporean authorities as part of the cooperative process
.
Taiko is working closely with its Security Council and ecosystem partners on the investigation and has coordinated with centralized exchanges to block TAIKO deposits as a precaution . The team urged users to immediately withdraw funds from all bridges deployed on the Taiko network and warned that the security assumptions behind those bridges could no longer be relied upon during the incident
. Taiko has also publicly warned the community to be vigilant against phishing scams and impersonation attempts that often follow major exploits, advising users to only trust communications from Taiko's official social media channels
. The project is pursuing legal and investigative avenues with law enforcement and security partners to track and potentially recover the stolen funds, though specific case details have not been publicly disclosed
.
Studio Global AI
Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.
On June 21, 2026, an attacker drained approximately $1.7 million (later rising to $2.2 million) from Taiko's bridge by exploiting an RSA private key used for Intel SGX enclave signing that had been publicly committed...
On June 21, 2026, an attacker drained approximately $1.7 million (later rising to $2.2 million) from Taiko's bridge by exploiting an RSA private key used for Intel SGX enclave signing that had been publicly committed... The attacker forged SGX attestations, registered rogue provers, and drained the ERC 20 Vault.
Taiko's recovery includes restoring chain activity, replenishing bridge assets to 100% coverage, reopening L2 activity, and then unpausing bridge withdrawals under conservative quotas.