EGW-NewsTaiko Got Hacked for $1.7M. Then the Token Went Up 9x.
Taiko Got Hacked for $1.7M. Then the Token Went Up 9x.
187
Add as a Preferred Source
0
0

Taiko Got Hacked for $1.7M. Then the Token Went Up 9x.

On June 22, someone drained $1.7 million from Taiko's Ethereum L2 bridge. Not by finding some clever smart contract bug, by finding a private key. An RSA-3072 key called enclave-key.pem, sitting in Taiko's public GitHub repo (taikoxyz/raiko), free for anyone with an account to download. That key was supposed to stay locked inside an Intel SGX enclave, where it signs proofs telling the bridge "yes, this withdrawal is real." Instead the attacker grabbed it, registered their own fake hardware as a trusted prover, and forged withdrawal proofs the bridge had no reason to doubt. Block production stopped. The team told everyone to pull their funds out of every bridge on the network, immediately.

Ten days later, on July 2, the bridge reopened. Every affected user got made whole out of the treasury, according to Taiko's own announcement. And that's when things got weird.

TAIKO didn't just recover — it went vertical. From an all-time low around $0.058 hit on June 29, the token spiked as high as $0.52 within 24 hours, something like a 9x move, before settling back down to roughly $0.13–0.14. That's still about double what it was trading at right after the hack. CoinDesk clocked the surge at up to 136% in a single session; CoinGecko has it up 114% over the week. Trading volume exploded past $100 million in a day for a token with a $27 million market cap.

Taiko Got Hacked for $1.7M. Then the Token Went Up 9x. 1

A year ago the pattern was: shitcoin gets delisted from an exchange, shitcoin pumps, nobody can explain why except "less selling pressure, fewer sane people watching." Now apparently getting your signing key leaked on GitHub and losing seven figures does the same job. Maybe it's relief buying, the fix worked, everyone got paid back, so why not ape in. Maybe it's just a low-float token where any headline, good or bad, is enough to send it flying. Probably both.

What actually happened here is worth remembering, though. This wasn't a smart contract flaw. Taiko's whole multi-prover setup, SGX plus ZK backends, was designed so an attacker would need to break two independent systems at once. None of that mattered because the key was never supposed to leave the enclave in the first place, and it ended up in a place any script could find it. That's not a cryptography failure. That's a.gitignore failure. PeckShield puts 2026's bridge-hack total north of $340 million across at least 14 incidents, and the common thread in most of them isn't broken math, it's someone forgetting to lock a door.

Don’t miss esport news and update! Sign up and recieve weekly article digest!
Sign Up

Taiko says a full postmortem is coming. Until then: the bridge works, the users got their money back, and the chart looks like nothing bad ever happened at all.

Leave comment
Did you like the article?
0
0

Comments

FREE SUBSCRIPTION ON EXCLUSIVE CONTENT
Receive a selection of the most important and up-to-date news in the industry.
*
*Only important news, no spam.
SUBSCRIBE
LATER