Ethereum Layer 2 project Taiko published an update on the security incident on June 25: Taiko promises that no user funds will be lost due to this incident; currently, bridged assets are undercollateralized, and full recapitalization will be completed before bridging services resume, ensuring every user balance is 1:1 backed.
Ledger CTO Reveals Attack Root Cause: File Accidentally Pushed to GitHub Public Repository
Ledger CTO Charles Guillemet publicly explained the full chain of the attack: The problematic file was enclave-key.pem, a private key used to sign all SGX enclaves that verify computations on the Taiko network. After obtaining the private key, the attacker created their own malicious SGX enclave, signed it, and registered it as a trusted prover; the contract treated it as legitimate, and the attacker then forged proofs for fake blocks. The system lacked additional verification measures and accepted them as real blocks, allowing the attacker to extract assets.
Guillemet noted that this incident highlights the fundamental risk of relying on a single privileged private key architecture, and explained that AI tools can now automatically scan open repositories for all new files and changes, meaning accidentally leaked confidential information can quickly fall into attackers' hands. He pointed out that succinct validity proof architecture does not rely on a single private key for security, but is entirely based on mathematical verification of proofs, representing an alternative architectural path.
Fix Has Passed Internal Testing; CEO Has Submitted Formal Report to Singapore Authorities
Taiko stated it has fully identified the root cause and developed a technical solution, which has passed internal testing. All changes are currently under further review by the Security Committee and independent cybersecurity partners. The Taiko CEO has submitted a formal report to relevant Singapore authorities, and the team will fully cooperate in tracing responsible parties.
Users currently need to take no action. Taiko reminds users: The team will not proactively send private messages, and there is no claim or refund website; any link offering such is a scam.
Taiko Cooperates with CEXs to Track Stolen Assets; Full Technical Report to Be Released After Network Restores
Taiko stated it is cooperating with centralized crypto exchanges and security companies to track and freeze stolen assets where possible; funds remaining in the bridge after the attack are secure. Taiko also announced it is working with the DAO committee on a support mechanism for users affected by this incident.
After the network restores, Taiko will release a full technical report detailing the root cause, attack process, and measures to prevent similar incidents in the future; all communications will only occur through official channels.
Frequently Asked Questions
How did this Taiko security incident occur?
Ledger CTO Guillemet explained that the root cause was the accidental push of the private key file enclave-key.pem to a GitHub public repository. After obtaining the private key, the attacker created and registered a malicious SGX enclave, forged proofs for fake blocks, and the system lacked additional verification measures, treating them as real blocks. The attacker thus extracted assets, resulting in a loss of approximately $1.7 million.
Are user funds currently safe? What assurances has Taiko made?
In its June 25 update, Taiko clearly stated that no user will lose funds due to this incident. Currently, bridged assets are undercollateralized, but Taiko promises to complete full recapitalization before bridging services resume, ensuring every user balance is 1:1 backed.
When will the Taiko network restore, and what information will be released later?
As of June 25, 2026, the fix has passed internal testing and is under further review by the Security Committee and independent cybersecurity partners. Taiko stated it will resume services as soon as possible after ensuring security, but has not announced a specific timeline; a full technical report will be released via official channels after the network restores.
