BlockSec Phalcon released a preliminary analysis of a Taiko security incident, saying the likely root cause was exposure of an SGX enclave signing key for Taiko’s multi-prover component, Raiko, on GitHub. According to Foresight News, the attacker used the exposed key to register a malicious, attacker-controlled SGX instance, bypass the proof verification mechanism, and forge state and signal proofs.
BlockSec Phalcon said the attacker then used a forged source signal to mark a false cross-chain message as RETRIABLE and called retryMessage to extract canonical L1 assets from the ERC20Vault.
Taiko Security Incident Likely Linked To Exposed SGX Signing Key, BlockSec Phalcon Says
2026-06-22 06:06:50