Share
Truebit’s TRU token collapsed almost entirely after an exploit siphoned about 8,535 Ether from a smart contract tied to the protocol. On January 8, 2026, Truebit confirmed a security incident involving malicious actors and urged users not to interact with a specific contract address. Onchain trackers and independent researchers pegged losses near $26 million at the time.
Blockchain analysts traced the attack to a smart contract deployed roughly five years ago. According to Lookonchain, the contract’s minting logic allowed a purchase price of zero under certain conditions. That flaw let the attacker buy large amounts of TRU at no cost, then sell the tokens back into a bonding-curve reserve to pull out Ether.
Independent researcher Weilin Li said the exploit appears to stem from a mispriced minting function in an older purchase contract, which allowed attackers to acquire TRU at extremely low cost and repeatedly sell it back into the reserve. Those buy-and-sell loops adjusted pricing as balances shifted, enabling the gradual extraction of Ether.
Another 26M hack. @Truebitprtocol
I haven't decompiled the vulnerable code yet, but the root cause appears to be a mispriced minting function of its purchase contract that allows anyone to purchase TRU token at a very low price.
The first attacker (26M profit):… pic.twitter.com/qmoDB54I0w
— Weilin (William) Li (@hklst4r) January 8, 2026
CoinDesk reported that another on-chain analyst, known as “n0b0dy,” said the wallet paid a small builder bribe to prioritize transactions, accelerating the drain. Truebit has said it is in contact with law enforcement and is taking steps to address the incident. The team has not published a post-mortem or confirmed whether affected contracts were paused at the time of reporting.
Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We are in contact with law…
— Truebit (@Truebitprotocol) January 8, 2026
The market response was immediate. Nansen data shows TRU fell more than 99%, sliding from around $0.16 to fractions of a cent as holders rushed to exit and liquidity thinned. The move pushed the token to an all-time low within hours.
The mechanics were visible on-chain. Once confidence broke, thin liquidity amplified losses. This was not a slow repricing. It was a cascade driven by on-chain design meeting panic.
The exploit highlights a risk many teams underestimate. Updated code does not erase exposure if older contracts still connect to reserves or hold value. Attackers scan these forgotten paths. Not all exploits follow the same pattern, but recent data shows how isolated failures can still cause sharp damage. In late 2025, the Flow Foundation disclosed a counterfeit token issue that resulted in roughly $3.9 million in losses. Around the same period, Trust Wallet confirmed a browser-extension incident that led to about $7 million being stolen.
Monthly tracking from PeckShield shows overall exploit losses fell to $76 million in December 2025 from $194 million in November 2025, yet individual incidents continue to produce outsized shocks for affected protocols.
#PeckShieldAlert December 2025 witnessed ~26 major crypto exploits, resulting in total losses of ~$76M.
This figure represents a decrease of over 60% from November's total of $194.27M, marking a significant reduction in monthly losses.
Notably:
🔺Wallet 0xcB80…819 lost $50M… pic.twitter.com/CNW3R6646j— PeckShieldAlert (@PeckShieldAlert) January 1, 2026
Key questions remain open. Truebit has not detailed whether user funds beyond protocol reserves faced exposure. The team has not shared a full technical breakdown or remediation timeline.
For you, the takeaway is narrow and practical. Legacy contracts matter. If value flows through them, they deserve the same scrutiny as new code. Audits done years ago do not age well.
The protocol continues to run. Trust, for now, does not. How Truebit responds in the coming days will shape whether this event stays a contained failure or becomes a longer test of credibility.
Share
