The Ethereum ecosystem experienced multiple security and organizational developments last week, with Taiko suffering a $1.7 million bridge exploit and Tornado Cash DAO facing governance attack suspicions. The Taiko incident stemmed from an SGX signing key exposed on GitHub, while Tornado Cash's proposal 67 raised concerns over delegate call logic targeting the DAO's $23 million treasury. Concurrently, the Ethereum Foundation announced a major restructuring, cutting its budget by 40% and reducing staff by 20% (54 people) while reorganizing into five operational clusters. These events underscore ongoing challenges in Layer 2 security architecture and decentralized governance mechanisms as Ethereum maintains its position as the blockchain network with the largest total value locked and developer base globally.
Taiko experienced a bridge exploit resulting in approximately $1.7 million in losses. The incident involved Raiko, Taiko's multi-prover stack component responsible for proof verification across multiple systems. An SGX signing key used by Raiko was exposed in a public GitHub repository. SGX (Software Guard Extensions) is Intel's trusted execution environment technology designed to verify that specific code executes within a protected environment. The exposed signing key allowed an attacker to register a fraudulent prover and submit falsified withdrawal proofs to extract funds from the bridge. The exploit highlights that cryptographic proof systems require robust key management practices, as the breach occurred not in the SGX technology itself but in the operational handling of the signing key that authenticates legitimate provers.
Tornado Cash DAO faced suspicions of a governance attack over proposal 67. The proposal contains unverified logic that, if executed, would enable the governance contract to perform a delegate call to a target contract. A delegate call runs the target contract's code in the context of the calling contract, so every storage write lands in the caller's storage; if the target embeds malicious logic, it can rewrite the governance contract's own state. The Tornado Cash DAO treasury holds approximately $23 million in TORN tokens. The proposal wallet received funding through Railgun, a privacy-focused protocol that obscures fund origins. Tornado Cash DAO previously experienced a similar governance attack in 2023. The incident demonstrates that decentralized governance systems remain vulnerable to attacks through voting procedures rather than direct contract exploits.
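When a proposal's logic is unverified, a reviewer has only bytecode to inspect. The following is an added example, not part of the original article and not Tornado Cash's code: it sweeps EVM bytecode for DELEGATECALL and CALLCODE while skipping PUSH immediates so that data bytes are not misread as opcodes. The function name and both sample bytecode strings are constructed for illustration.

```python
# Added example (not from the article): sweep unverified EVM bytecode for
# opcodes that run foreign code against the calling contract's storage.
STORAGE_CONTEXT_OPS = {0xF2: "CALLCODE", 0xF4: "DELEGATECALL"}
PUSH1, PUSH32 = 0x60, 0x7F


def scan_bytecode(code_hex):
    """Return [(offset, opcode_name)] for each flagged opcode.

    PUSH1..PUSH32 are followed by 1..32 bytes of immediate data. Those bytes
    are skipped, so a data byte that happens to equal 0xF4 is not reported.
    Limitation: a linear sweep also decodes the compiler metadata appended to
    deployed code, so treat hits near the end of the bytecode with care.
    """
    if code_hex.startswith("0x"):
        code_hex = code_hex[2:]
    code = bytes.fromhex(code_hex)
    findings, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op in STORAGE_CONTEXT_OPS:
            findings.append((pc, STORAGE_CONTEXT_OPS[op]))
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # jump over the immediate operand
        pc += 1
    return findings


# Constructed sample 1: PUSH1 0 (x4), PUSH20 <address made of 0xF4 bytes>,
# GAS, DELEGATECALL, STOP. Only the byte at offset 30 is a real opcode hit.
FORWARDER = "0x" + "6000" * 4 + "73" + "f4" * 20 + "5af400"
# Constructed sample 2: PUSH1 0xF4, PUSH1 0, SSTORE, STOP (0xF4 is data only).
STORE_ONLY = "0x60f460005500"

if __name__ == "__main__":
    for name, sample in (("FORWARDER", FORWARDER), ("STORE_ONLY", STORE_ONLY)):
        print(name, scan_bytecode(sample))
```

A hit is a prompt for manual review of the call target, not a verdict, since the target address is often computed at run time.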
Kraken is pursuing an acquisition of a 15% stake in Aave Group, according to reports. The deal structure involves 35,000 ETH in exchange for 250,000 AAVE tokens and 15% equity in Aave Group, valuing the company at approximately $385 million. Kraken's parent company Payward is preparing for an initial public offering and seeking to expand its asset management operations. Aave founder Stani disputed the reported terms, stating that no 70% discounted sale is occurring. The reported transaction, if completed, would represent a strategic move by a centralized exchange to deepen integration with decentralized finance infrastructure.
Base, an Ethereum Layer 2 network, experienced a block production halt lasting approximately two hours on June 25. The issue originated when the Base sequencer processed an invalid block, stopping new block creation after block 47806542. The sequencer is the component responsible for ordering transactions and producing blocks on Layer 2 networks. Block production resumed after the two-hour interruption. The Beryl hard fork activated as scheduled at 18:00 UTC on the same day, introducing token standards for stablecoins and real-world assets. The incident occurred as Base expands its infrastructure to support tokenized traditional financial assets including government bonds, funds, equities, and real estate.
Two blockchain networks announced operational shutdowns within the same week. Sophos terminated its chain operations citing operational cost burdens, redirecting focus to Fire, an application built on Base. SwellChain, an OP Stack-based Layer 2 network, also ceased operations. The SwellChain bridge closed on June 23, with concerns raised that assets not withdrawn by the deadline may be unrecoverable. OP Stack is the development framework used within the Optimism ecosystem for building Layer 2 networks. The shutdowns reflect ongoing consolidation in the Layer 2 ecosystem, as projects evaluate the viability of maintaining independent chains versus building applications on established networks with greater liquidity and user bases.
The Ethereum Foundation implemented a major organizational restructuring, reducing its budget by 40% and cutting staff by 20%, affecting 54 employees. The foundation reorganized into five operational clusters: Protocol, Access, User, Community, and Institution. The Protocol cluster focuses on core technology and upgrades, while the Access cluster addresses developer and user onboarding. The User, Community, and Institution clusters handle user experience, ecosystem community engagement, and institutional adoption respectively. The foundation set a target to reduce its annual spending rate to 5% by 2030. Former co-lead Thomas expressed support for the overall direction while raising concerns about grant reductions and treasury management practices. Grants serve as a primary funding mechanism for ecosystem developers, researchers, and public goods projects within Ethereum.
EthLabs, a nonprofit research and development organization, officially launched with leadership from former Ethereum Foundation researchers. Funding for EthLabs came from Bitmine, Chainlink, and Joseph Lubin, Ethereum co-founder and ConsenSys founder. The launch represents a shift in Ethereum research capacity from a foundation-centric model toward a distributed ecosystem approach. Bitmine, one of EthLabs' primary backers, controls over 11% of total Ethereum staking. The organization's emergence reflects broader decentralization of research and development activities across the Ethereum ecosystem, though the concentration of funding sources and staking influence raises questions about the balance between research independence and stakeholder interests.
What caused the Taiko bridge exploit?
The Taiko bridge exploit resulted from an SGX signing key being exposed in a public GitHub repository. The exposed key allowed an attacker to register a fraudulent prover and submit falsified withdrawal proofs, extracting approximately $1.7 million from the bridge.

How much is the Ethereum Foundation reducing its budget and staff?
The Ethereum Foundation is cutting its budget by 40% and reducing staff by 20%, affecting 54 employees. The foundation is reorganizing into five operational clusters and targeting a 5% annual spending rate by 2030.