Taiko ERC20 Vault Attacked, Losses Exceed $1 Million

Odaily reported that Taiko's ERC20 Vault on Ethereum was attacked, resulting in losses exceeding $1 million. The root cause of the vulnerability lies in a flaw in the source signal proof verification of Taiko's cross-chain bridge. A constructed message proof was accepted as valid on Ethereum L1 without requiring a corresponding legitimate MessageSent event on the Taiko source chain, enabling the attacker to register and execute fraudulent cross-chain messages and unauthorized asset withdrawal from the ERC20 Vault.