Taiko lost $1.7M after attackers exploited a leaked SGX signing key, registering rogue provers and draining assets from its Ethereum bridge.
Author: Akshat Thakur
June 22, 2026- The Taiko Bridge Exploit resulted in approximately $1.7 million in losses after attackers abused a publicly exposed SGX signing key to register rogue provers and authorize fraudulent withdrawals from Taiko’s canonical Ethereum bridge.
High Signal Summary For A Quick Glance
karterw
@karterw273064
@blockaid_ @taikoxyz Not an issue, no one using that chain
🚨Blockaid's exploit detection system has identified an ongoing exploit on @taikoxyz ERC20 Vault on Ethereum (~$1M+) More details in 🧵
01:27 AM·Jun 22, 2026
Command
@k0mm4nd
@blockaid_ @taikoxyz Seems SGX prover exploit on Taiko. attacker registered a rogue SGX instance via permissionless registerInstance() (DCAP-verified, zero validity delay), proved a fabricated L2 block, and drained ~$1M+ from the ERC20 Vault through forged bridge messages.
🚨Blockaid's exploit detection system has identified an ongoing exploit on @taikoxyz ERC20 Vault on Ethereum (~$1M+) More details in 🧵
01:26 AM·Jun 22, 2026
S7iter
@S7iter_
@blockaid_ @taikoxyz wtf
🚨Blockaid's exploit detection system has identified an ongoing exploit on @taikoxyz ERC20 Vault on Ethereum (~$1M+) More details in 🧵
12:59 AM·Jun 22, 2026
High attention and emotional sentiment detected.
The exploit unfolded between June 21 and June 22, targeting Taiko’s Ethereum-based bridge infrastructure rather than the Layer 2 network itself.
According to Taiko’s security notice, attackers compromised the chain-state verification mechanism that underpins bridge security assumptions. As a precaution, the team urged users to immediately withdraw funds from bridges operating on Taiko and later paused the affected contracts to contain the incident.
Security firms including CertiK and Blockaid independently analyzed the exploit and reached similar conclusions regarding the attack vector. The team subsequently paused the bridge and ERC20 Vault, and Taiko later confirmed that it had contained the exploit.
Taiko relies on a proving architecture known as Raiko, which incorporates Intel SGX enclaves to verify proofs.
At the center of the incident was a file called enclave-key.pem, which had been publicly accessible within Taiko’s GitHub repository. The file was used in SGX enclave signing processes and allowed attackers to derive the trusted signer measurement known as trustedUserMrSigner.
Once attackers obtained that value, they could register malicious SGX instances that appeared legitimate to the bridge verification system.
This effectively allowed them to produce valid-looking attestations and withdrawal proofs despite no corresponding legitimate withdrawal events occurring on Taiko Layer 2.
The Taiko Bridge Exploit was not a direct smart contract bug in the bridge logic.
Instead, the attackers abused the trust model that verified SGX provers.
After registering rogue SGX instances, the attackers generated fraudulent withdrawal messages and signatures that the Ethereum bridge contracts accepted. Those forged proofs enabled the ERC20 Vault to release assets without any genuine deposits or withdrawals occurring on Taiko L2.
The attacker repeatedly used bridge functions such as retryMessage to drain assets.
On-chain analysis shows that the attacker extracted approximately 650,000 USDC, around 130 ETH, and several additional assets across multiple transactions. The attacker wallet has been identified as:
0x7506DeA0c38ca0B55364B22424374c5A1ae1B76a
The address has since begun moving funds, with some reports indicating transfers toward centralized exchanges.
Timeline of the Taiko Bridge Exploit
The enclave-key.pem file used for Gramine SGX signing is committed to Taiko’s public Raiko repository. Because the key is publicly accessible, anyone can derive the trustedUserMrSigner value used in the attestation process.
An attacker derives the trustedUserMrSigner value from the exposed signing key, registers rogue SGX instances that successfully pass attestation checks, and begins generating fraudulent withdrawal proofs and signed bridge messages.
The attacker executes the first significant exploit transaction, draining approximately 650,000 USDC from the ERC20 Vault through forged proof verification on the Taiko Bridge.
Blockaid publicly alerts the community to the ongoing exploit, estimating losses at more than $1 million at the time of detection and identifying suspicious activity targeting the ERC20 Vault.
Taiko issues its first public security notice, confirming a compromise affecting the chain-state verification mechanism and advising users to withdraw assets from all bridge integrations as a precaution.
Taiko confirms that the incident has been contained. The L1 Bridge and ERC20 Vault are paused, preventing any additional withdrawals while the investigation continues.
CertiK Alert releases a detailed analysis explaining how the publicly exposed enclave-key.pem enabled attackers to derive the trustedUserMrSigner value and bypass the intended SGX trust assumptions.
Taiko remains in active incident-response mode. Prover infrastructure and bridge systems stay paused while the team prepares a comprehensive post-mortem and evaluates long-term remediation measures.
The financial loss is relatively modest compared with some of crypto’s largest bridge hacks.
The bigger concern is what the exploit reveals about operational security.
The Taiko Bridge Exploit demonstrates how strong cryptographic systems can fail when key-management procedures break down. SGX attestation functioned as intended. The problem was that the signing material used to establish trust had become publicly available.
This distinction is important because the incident was not caused by a flaw in Intel SGX itself. Instead, it stemmed from how the trust anchor was managed.
The event also reignites scrutiny around bridge architectures, which remain one of the industry’s most frequently exploited infrastructure layers.
To understand the exploit, it helps to understand how SGX trust works.
Intel SGX enclaves are isolated execution environments designed to prove that approved code is running securely.
One verification method uses a value called MRSIGNER, which identifies the key that signed the enclave.
Taiko’s bridge trusted SGX instances whose MRSIGNER matched a predefined value called trustedUserMrSigner.
Because the signing key was publicly available, attackers could derive the same MRSIGNER measurement and create their own SGX instances that appeared trusted.
The bridge therefore accepted signatures from attacker-controlled provers even though they were not legitimate Taiko infrastructure.
In short, the security mechanism worked exactly as designed, but attackers undermined the underlying trust anchor.
Following news of the exploit, the TAIKO token reportedly fell between 10% and 16%, with trading volume increasing significantly as investors reacted to the security incident.
The broader crypto community focused heavily on the exposed key issue.
Many security researchers described the incident as an operational security failure rather than a cryptographic failure. Technical discussions on X centered around the fact that SGX verification becomes ineffective if signing keys are exposed publicly.
While some retail traders framed the event as another bridge hack, security professionals largely emphasized that the root cause was preventable key-management failure.
Several important questions remain unresolved.
Taiko has not yet published a full post-mortem explaining how long the exposed key remained vulnerable, whether attackers have registered additional malicious SGX instances, or whether the company will compensate affected users.
The final list of affected assets and transactions also remains under review.
Investigators continue tracking the attacker’s funds, though recovery remains uncertain given that some assets have already begun moving.
The bridge and ERC20 Vault remain paused while the team completes its investigation and remediation efforts.
The immediate priority is restoring trust in the proving and verification system.
Taiko will likely rotate all affected trust anchors, review SGX registration processes, and implement stronger operational controls around key management.
Developers, security researchers, and users will closely watch the upcoming post-mortem because it will determine whether the issue was isolated or indicative of broader procedural weaknesses.
For now, the exploit serves as a reminder that sophisticated security architectures are only as strong as the operational practices that support them.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
Taiko Bridge Exploit Drains $1.7M Through SGX Key Exposure
Axelar Secret Network Hack Drains $4.67M via IBC Bridge
ZachXBT Changelly Scam: Mule Reports Own Frozen Funds
Aztec Connect Exploit Drains $2.19M From Legacy Contract
Taiko Bridge Exploit Drains $1.7M Through SGX Key Exposure
Axelar Secret Network Hack Drains $4.67M via IBC Bridge
ZachXBT Changelly Scam: Mule Reports Own Frozen Funds
Aztec Connect Exploit Drains $2.19M From Legacy Contract
