-
Truebit lost about $26.6 million in a smart contract exploit
-
Attackers abused a vulnerability in an old contract
-
The TRU token fell nearly 100% after the breach
Truebit, a DeFi protocol built on Ethereum, suffered a major security breach that wiped out nearly all the value of its native token.
On Thursday, attackers exploited an old smart contract, draining roughly 8,535 ETH, worth about $26.6 million. Blockchain analysts say the issue came from a mispriced minting function in a contract deployed around five years ago.
The flaw allowed attackers to buy TRU tokens at extremely low prices. Two separate wallets were involved, with one attacker making nearly the entire profit and the other gaining a much smaller amount.
Following the exploit, the TRU token collapsed by 99.9%, falling from around $0.16 to a fraction of a cent. Truebit confirmed the incident and said it is working with law enforcement, though it did not initially disclose the stolen amount.
The event highlights a growing risk in DeFi. Older contracts, even if long ignored, are increasingly being targeted as attackers search for overlooked vulnerabilities.
Recent months have seen several large DeFi exploits tied to smart contract flaws, reinforcing concerns that legacy code remains one of the sector’s biggest security weaknesses.
