Truebit’s TRU Token Collapses After $26.6M Ethereum Exploit
Truebit’s TRU token nearly collapsed to zero on Thursday following a sophisticated exploit that drained approximately 8,535 ETH — around $26.6 million — from the protocol’s reserves, according to on-chain data and independent researchers.
The attack took advantage of a flaw in an older smart contract, allowing the hacker to mint TRU at effectively no cost and then sell it back to the bonding-curve reserve to extract Ether. Analysts say the exploit involved repeated buy-and-sell loops that leveraged mispricing as the reserve balance shifted, gradually draining the pool.
Truebit, an Ethereum-based computation and verification project, confirmed it is aware of the incident, stating it is working with law enforcement and taking steps to address the situation.
Blockchain analytics firm Lookonchain pegged the theft at 8,535 ETH, while researcher Weilin Li traced the vulnerability to a smart contract deployed roughly five years ago. The minting function allowed unusually large purchases to register at a zero cost, opening the door for repeated exploitation. Independent on-chain researcher “n0b0dy” noted that the hacker also paid a small builder bribe to prioritize transactions, accelerating the exploit.
The attack caused TRU to plunge as much as 99.9%, as liquidity evaporated and holders rushed to exit.
This incident underscores that legacy smart contracts can remain a serious attack vector long after deployment. Even if a protocol’s current code is updated, older contracts with outdated pricing logic or reserve connections can still be targeted if they hold value.
Truebit has yet to publish a full post-mortem or confirm whether affected contracts have been paused.
