The Truebit Protocol has suffered a major security breach after attackers exploited a flaw in a legacy smart contract, draining approximately 8,535 ETH, valued at roughly $26.6 million at the time of the incident.
Following reports of the exploit, the protocol’s native token TRU experienced an almost complete collapse. The token plunged by 99.9%, falling from around $0.16 to near-zero levels at approximately $0.000077, as liquidity rapidly evaporated across markets.

How the Exploit Unfolded
According to on-chain analysis and statements from the team, the attack targeted a legacy smart contract that had been deployed nearly five years ago. While newer versions of the protocol had been developed over time, the outdated contract remained live and exploitable.
The vulnerability centered on a mispriced minting function. Attackers were able to mint large quantities of TRU tokens at close to zero cost. These tokens were then sold back into the protocol’s bonding-curve reserve, allowing the attackers to extract Ether directly from the system.
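The property that such a mispricing violates is that minting tokens and immediately redeeming them must never return more Ether than was paid. The Python model below is an added example, not Truebit's code and not taken from the team's statements. The linear curve, the constants `SLOPE` and `SCALE`, the function names, and the divide-before-multiply bug are all constructed assumptions, not the actual flaw in the affected contract.

```python
# Toy linear bonding curve, constructed for illustration; not Truebit's contract.
SLOPE = 3        # price increase per token of supply, before fixed-point scaling
SCALE = 1_000    # fixed-point divisor

def area(lo, hi):
    """Twice the unscaled area under price(s) = SLOPE * s between supplies lo and hi."""
    return SLOPE * (hi * hi - lo * lo)

def mint_cost_sound(supply, n):
    # Round up: the buyer never pays less than the curve demands.
    return -(-area(supply, supply + n) // (2 * SCALE))

def mint_cost_flawed(supply, n):
    # Constructed bug: dividing before multiplying truncates the quote to zero.
    return (SLOPE // SCALE) * ((supply + n) ** 2 - supply ** 2) // 2

def redeem_payout(supply, n):
    # Round down: the reserve never pays out more than the curve holds.
    return area(supply - n, supply) // (2 * SCALE)

def round_trip_violations(mint_cost, supplies, amounts):
    """Return (supply, n, cost, payout) wherever mint-then-redeem nets Ether."""
    found = []
    for s in supplies:
        for n in amounts:
            cost = mint_cost(s, n)
            payout = redeem_payout(s + n, n)
            if payout > cost:
                found.append((s, n, cost, payout))
    return found

# Constructed grid of starting supplies and mint sizes to sweep.
SUPPLIES = [0, 1_000, 50_000, 1_000_000]
AMOUNTS = [1, 10, 1_000, 100_000]

if __name__ == "__main__":
    sound = round_trip_violations(mint_cost_sound, SUPPLIES, AMOUNTS)
    print("sound quote violations:", len(sound))
    for s, n, cost, payout in round_trip_violations(mint_cost_flawed, SUPPLIES, AMOUNTS):
        print(f"flawed quote: supply={s} n={n} cost={cost} payout={payout}")
```

Run as a pre-deployment property test, a sweep like this fails on any pricing path where the reserve pays out more than it took in, which is the condition that lets a reserve be drained.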
Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We are in contact with law…
— Truebit (@Truebitprotocol) January 8, 2026
Multiple Attackers Identified
Blockchain analysts identified two separate attackers involved in the exploit.
- The primary attacker captured the majority of the funds, profiting approximately $26 million.
- A secondary actor extracted a smaller amount, estimated at around $250,000.
The coordinated timing of the transactions suggests that the vulnerability was exploited rapidly once it had been discovered.
Protocol Response and Investigation
Truebit acknowledged the incident publicly, confirming a “security incident involving one or more malicious actors.” The team urged users and developers not to interact with the affected contract address:
0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2
The protocol stated that it is currently working with law enforcement and conducting a full investigation to determine the scope of the damage and possible next steps.
Broader Implications for Smart Contract Security
The Truebit exploit has reignited concerns around legacy smart contract risk. Even when a project evolves and updates its core infrastructure, older contracts can remain active and exposed, creating attack surfaces that are often overlooked.
The incident serves as another reminder that unused or deprecated contracts must be carefully audited, disabled, or fully retired, especially in systems that retain access to pooled liquidity.
As of now, TRU remains effectively non-functional from a market perspective, and the future of the protocol will likely depend on the outcome of the investigation and any potential recovery or restructuring plans.






