Taiko, an Ethereum layer-2 network, has warned users to withdraw funds from its bridge after researchers identified a security flaw that allowed attackers to steal more than $1.7 million.

The breach exploited Taiko's proof verification process, according to Decrypt. The layer-2 operates by periodically bundling transactions and submitting cryptographic proofs to Ethereum's mainnet to settle batches. An attacker apparently found a way to manipulate or forge these proofs, bypassing the security checks meant to keep the system honest.

The immediate response

Taiko moved quickly to notify users and recommend withdrawal. The team did not specify when the vulnerability was discovered, patched, or disclosed, or whether the attacker had continued access after initial exploitation. The newsroom does not yet have confirmation of whether funds already locked in the bridge at the time of the breach remain at risk, or whether only specific withdrawal transactions were compromised.

Layer-2 networks rely on proof systems as their primary guarantee to users that deposits are safe and that withdrawals will be honored. A flaw in proof verification strikes at that core trust mechanism. Users who bridge assets to Taiko—or any layer-2—depend on the network's ability to correctly validate that transactions happened and balance sheets are correct before moving funds back to Ethereum.

What remains unclear

Several critical details have not been made public. Taiko has not released a full incident timeline, a detailed technical breakdown of how the exploit worked, or confirmation of whether the attacker was external, an insider, or a researcher who discovered the flaw responsibly. The team also has not disclosed whether the $1.7 million represents the total exposure or only the confirmed loss so far.

Users holding assets on Taiko itself (not in the bridge) appear not to be directly at risk from this specific proof flaw, since the vulnerability centered on the mechanism that moves funds between layer-2 and mainnet. However, until Taiko publishes a full post-mortem and confirms the fix, the scope of the breach and any related risks remain partially opaque.

Layer-2 networks have become critical infrastructure for Ethereum scaling, processing billions in daily volume. A proof verification bug in any of them—whether in Taiko, Arbitrum, Optimism, or Starknet—is a structural threat that can erode user confidence. Taiko is newer and smaller than some competitors, but the principle is the same: if the proof system fails, the entire value proposition collapses.