Truebit Protocol Loses $26 Million in Smart Contract Exploit as TRU Token Crashes 99%

TLDR

• Truebit protocol suffered a security exploit that drained approximately 8,535 Ether worth about $26.6 million from its reserves on January 8, 2026.
• The TRU token price crashed 99% from $0.16 to $0.0000000029 following the attack, reaching an all-time low.
• The exploit targeted a flaw in an older smart contract deployed five years ago, allowing attackers to buy TRU tokens at no cost and sell them back to extract Ether.
• Truebit is working with law enforcement and warned users not to interact with the affected smart contract address.
• The attack used a minting function vulnerability that returned a purchase price of zero for large token purchases, enabling repeated buy-and-sell loops to drain the pool.

The Truebit protocol experienced a major security breach on January 8, 2026, resulting in the theft of approximately 8,535 Ether. The stolen funds were valued at roughly $26.6 million at the time of the attack.

Truebit, an Ethereum-based verification and computation project, confirmed the incident in a post on X (formerly Twitter). The protocol stated it was aware of security issues involving one or more malicious actors. The team advised users not to interact with the affected smart contract address.

The exploit caused immediate damage to the TRU token price. According to data from Nansen, the token fell from $0.16 to $0.0000000029. This represented a 99% decline in value within hours of the attack.

Blockchain analysts at Lookonchain confirmed the theft amount of 8,535 ETH. The attack targeted vulnerabilities in Truebit’s older infrastructure. Researcher Weilin Li identified the source as a flaw in a smart contract deployed approximately five years ago.

The vulnerable contract contained a minting function with a critical weakness. When processing unusually large token purchases, the function could return a purchase price of zero. This allowed attackers to acquire TRU tokens without paying for them.

How the Attack Worked

The attackers exploited this pricing flaw through repeated transactions. They purchased TRU tokens at no cost using the faulty minting function. The tokens were then immediately sold back into the bonding-curve reserve to extract Ether.

Independent blockchain researcher “n0b0dy” analyzed the transaction patterns. The attack consisted of multiple buy-and-sell loops that took advantage of mispricing. As the reserve balance shifted with each transaction, the pool gradually lost funds.

The wallet used in the exploit reportedly paid a small builder bribe. This payment helped prioritize the malicious transactions on the Ethereum network. The strategy allowed the attacker to execute the loops efficiently before detection.

Protocol Response and Law Enforcement

Truebit confirmed it is in contact with law enforcement agencies. The team stated it is taking all available measures to address the situation. The protocol provided the affected smart contract address and urged the public to avoid interacting with it.

As of publication, Truebit has not released a complete post-mortem of the incident. The team has not confirmed whether the affected contracts have been paused. Questions remain about whether user funds beyond the protocol reserves were at risk.

The exploit led to immediate market panic among TRU token holders. Liquidity evaporated as traders rushed to exit their positions. The token’s near-total collapse reflects the severity of the security breach.

Truebit’s security incident follows other crypto exploits in recent months. In December 2025, the Flow Foundation reported a token counterfeiting attack that resulted in $3.9 million in losses. Trust Wallet’s Chrome extension was also compromised through a malicious update, leading to $7 million in stolen funds.

Blockchain analytics platform PeckShield reported that total crypto industry losses from exploits dropped to $76 million in December 2025 from $194 million in November 2025. The Truebit exploit in January 2026 represents one of the larger individual incidents in recent months.

The post Truebit Protocol Loses $26 Million in Smart Contract Exploit as TRU Token Crashes 99% appeared first on CoinCentral.