As exploit attacks against DeFi protocols continue to rise, Ethereum-based L2 blockchain Taiko became the latest victim over the weekend. An estimated $1.7 million are feared stolen from this attack as Taiko continues to investigate the incident. As a precautionary measure, network has paused operations and is not processing any new transactions. Essentially no new blocks are bing added to the Taiko network.
Addressing the situation, Taiko says its chain state verification mechanism was what was compromised. This is typically a process to check and verify current data of a blockchain like balances, transactions, and smart contracts through a cryptographic process to ensure the network hasn’t been tampered with.
Because this key safety provision of the network was breached Taiko said, “the security assumptions of all bridges deployed on Taiko can no longer be relied upon.”
The network operators, on Sunday, had also advised users to withdraw funds from all the bridges deployed on Taiko. As per latest update shared by the L2 on Monday, that the security incident has been contained and that no more funds can be drained from its holdings.
“The bridge is offline both ways so don’t try to bridge. Pending transactions are paused, not lost. More info coming soon,” said the blockchain that launched on the mainnet in May 2024.
Charles Guillemet, the Chief Technology Officer at Ledger, shared his take on how the attack was executed, calling it a key management failure.
“The attacker derived MrSigner from the public key, signed their own malicious enclave with the leaked key, and registered as a trusted prover. The L1 contracts trust any enclave whose MrSigner matches. It matched. No key theft. No social engineering. No SGX exploit. Just a .pem in a public repo.,” Guillemet said. He also shared a screenshot of the related code to validate his explanation.
The attackers have been traced as wiring the funds to the MEXC exchange, on-chain intelligence firm Lookonchain said. It claimed that the stolen funds could be close to $2 million. Data by Arkham Intelligence shows the same.
Against the badrckop of this attack, the Taiko token — ranking 836th on the CoinMarketCap index — dropped in price by over 13 percent. At the time of writing, the token was trading at $0.07383. The market cap of the token at $14 million has taken a a 12 percent hit over the last 24 hours.
Source: CoinMarketCap
The incident came just days after the Axelar Network was exploited for $4.6 million and the Aztec Network was breached twice leading to losses exceeding $2 million last week.
Over $840 million are feared lost between January and May this year to DeFi hacks, research reports claim.
