Truebit’s TRU token went into free fall Thursday after the protocol disclosed a security incident tied to one of its Ethereum smart contracts, with on-chain trackers pointing to a haul of about 8,535 ETH, roughly $26M at recent prices.
Truebit said the incident involved “involving one or more malicious actors” and told users it was in contact with law enforcement and “taking all available measures” in response.
The theft estimate, cited by crypto sleuths monitoring the protocol, put the missing Ether at 8,535 ETH, with the dollar value near $26.6M at the time of reporting.
For traders, the shock spread quickly as smart contract failures rarely stay isolated and often ripple through liquidity, confidence and prices across exchanges.
Smart Contract Bug Allegedly Enabled Free Token Minting
Truebit is built to tackle one of blockchain’s core limits, the high cost of on-chain computation. It aims to let applications verify complex calculations without running every step on Ethereum, shifting heavy logic off-chain while preserving on-chain verification for advanced smart contract and compute use cases.
The protocol flagged malicious activity linked to its “Truebit Protocol: Purchase” contract and urged users to avoid interacting with the address until further notice.
Investigators have not seen a full technical postmortem yet. On-chain analysis cited in reporting pointed to a pricing logic failure in the getPurchasePrice function, where unusually large mint requests allegedly returned a zero cost, letting an attacker mint tokens for free and cycle them through a bonding curve to drain ETH reserves.
Attackers Route Stolen Ether Through Tornado Cash
Transaction trails also showed aggressive clean-up behavior after the drain, including consolidation into a main address and routing of a large share through Tornado Cash, the kind of step that typically signals planning rather than a lucky stumble.
The market’s verdict came quickly. On-chain investigators reported TRU fell more than 99%, with Nansen data showing a drop to about $0.0000000029 from around $0.16.
The timing also feeds into a broader security narrative. PeckShield recently said total crypto hack and exploit losses fell to about $76M in December from $194.2M in November, a 60% drop that still left the ecosystem dealing with constant pressure from both protocol bugs and user-targeted scams.
PeckShield’s breakdown included a $50M address poisoning loss and another incident tied to a private key leak in a multisig wallet that cost about $27.3M.
Truebit has not yet said what remediation looks like, and it remains unclear what triggered the exploit and whether user funds were at risk.
The post Truebit Token Plunges After Protocol Confirms $26M Ethereum Exploit appeared first on Cryptonews.
