Truebit plunges nearly 100% following a $26.6 million Ether theft.

Truebit’s TRU Token Crashes After $26.6M Ethereum Exploit

Truebit’s TRU token plunged nearly 100% on Thursday after an attacker drained roughly 8,535 ETH — about $26.6 million — from the protocol’s reserves, according to on-chain data and independent researchers.

The exploit targeted a vulnerability in an older smart contract, allowing the hacker to buy TRU at effectively zero cost and sell it back to the bonding-curve reserve, gradually extracting Ether. Analysts describe the attack as a series of repeated buy-and-sell loops that exploited mispricing as the reserve balance shifted. The hacker reportedly also paid a small builder bribe to prioritize transactions.

Truebit, an Ethereum-based verification and computation protocol, confirmed it is aware of the incident and is coordinating with law enforcement while taking steps to mitigate the impact.

Blockchain researchers identified the flaw in a contract deployed about five years ago, where the minting function could allow unusually large purchases at no cost. The exploit triggered a near-total collapse of TRU liquidity, sending the token down as much as 99.9%.

The incident highlights the ongoing risk posed by legacy smart contracts. Even with updated code, older deployments with outdated pricing logic or linked reserves can remain vulnerable if they hold value. Truebit has not yet released a full post-mortem or confirmed whether affected contracts have been paused.

About The Author

ctleditor

See author's posts