Taiko Network Suffers $1.7M Loss After SGX Key Leak on GitHub

iconKuCoinFlash
Share
AI summary iconSummary
Taiko network activity dropped sharply after a $1.7 million loss due to an SGX key leak on GitHub. The exposed Raiko SGX enclave signing key, used for block verification, enabled attackers to forge proofs. BlockSec stated that the breach could compromise the SGX prover trust model. Network metrics show a decline in validator participation following the incident.

BlockBeats report: On June 22, according to BlockSec monitoring, the Taiko network suffered an attack resulting in losses exceeding $1.7 million. Preliminary investigations suggest the root cause may be the exposure of Raiko SGX enclave signing keys on GitHub. Raiko is Taiko’s multi-prover stack used for generating proofs for both Taiko and Ethereum blocks; thus, the exposed Raiko SGX enclave keys could directly impact Taiko’s on-chain proof verification pathway.


Because the enclave signing key is publicly accessible, the SGX attester trust model may have been compromised. The exposed key could allow an attacker to register SGX instances under their control. Once registered, these instances can sign proof public inputs accepted by the Taiko proof verifier, enabling fraudulent state/signaling proofs to pass. The attacker then registers fraudulent source signals as RETRIABLE and subsequently calls retryMessage to cause the ERC20Vault to release canonical L1 assets.

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.