Key facts
- Taiko's cross-chain bridge is operational again after a $1.7 million exploit.
- The hack was caused by a compromised SGX signing key exposed on GitHub.
- All users affected by the exploit have been compensated.
- The bridge reopened after security fixes and a 1:1 asset backing restoration.
- Conservative withdrawal quotas are in place as a temporary safeguard.
Ethereum layer-2 blockchain Taiko has reopened its cross-chain bridge and restored full operations after a June exploit drained up to $1.7 million. The project announced on Thursday that users can once again move funds to and from the network, concluding a four-step recovery plan. Taiko stated that all affected users have been made whole, and any remaining withdrawal limits are temporary safeguards that do not impact normal usage. The reopening follows an 11-day disruption after security fixes were implemented and the bridge's 1:1 asset backing was restored. The exploit occurred on June 21 when an attacker compromised Taiko’s chain-state verification mechanism, enabling unauthorized withdrawals from its Ethereum vault. Blockchain security firms estimated that approximately $1.7 million in crypto assets were stolen. Taiko's token, TAIKO, experienced a surge of up to 136% following the bridge's reopening. The project outlined its recovery plan on Sunday, which included deploying fixes, verifying the chain's finalized state, and submitting changes for review by its security council and independent experts. The network then replenished the bridge to ensure assets were backed 1:1 by Ethereum holdings. Taiko has not disclosed how the bridge's backing was restored or if stolen assets were recovered, but plans to publish a full post-mortem.
