Taiko ERC20 Vault Attacked, Losses Exceed $1 Million

Odaily reported that the ERC20 Vault on the Ethereum network has been attacked, with losses exceeding $1 million. The root cause of the vulnerability lies in a defect in the verification of source signal proofs within the Taiko cross-chain bridge. A constructed message proof was accepted as valid on Ethereum L1, without requiring a corresponding legitimate MessageSent event on the Taiko source chain. This allowed an attacker to register and withdraw fraudulent cross-chain messages, thereby releasing assets from the ERC20 Vault without authorization.