Blockaid has identified the technical mechanism behind last week’s roughly $1.7 million Taiko bridge exploit, and Taiko’s own withdrawal warning shows why this incident was more than a typical breach. The flaw was in how Taiko’s bridge checked source-signal proofs, the logic meant to verify that a legitimate message was created on the source chain before assets are unlocked on the other side.
Blockaid said that weakness let message proofs be accepted when they should not have been, allowing an attacker to make the bridge treat a false message as valid and release assets from Taiko’s ERC20 Vault on Ethereum. Taiko then warned users to move funds out of all bridges on the network because the bridge’s security assumptions could no longer be trusted. That warning was not just a routine safeguard. It showed the core verification mechanism behind the bridge had been compromised.