The post Truebit protocol confirms security incident as exploit drains over $26m in ETH appeared on BitcoinEthereumNews.com.

The Truebit protocol has confirmed a security incident involving one of its smart contracts on 7 January. The on-chain exploit resulted in the loss of more than 8,500 ETH, valued at approximately $26–26.5 million at current prices. In a statement posted on X, Truebit said it had identified malicious activity linked to the “Truebit Protocol: Purchase” contract at address 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2, and urged users not to interact with the contract until further notice.  The team said it is working with law enforcement and will provide updates through official channels. Pricing flaw enabled free token mints While Truebit has not yet disclosed technical details of the vulnerability, on-chain analysis indicates the exploit stemmed from a pricing logic failure in the contract’s getPurchasePrice[uint256] function.  The function reportedly returned a zero price for unusually large mint requests, allowing attackers to mint tokens at no cost. Using this flaw, the attacker was able to repeatedly mint and sell tokens back into the protocol’s bonding curve, draining ETH reserves through a rapid buy-sell loop.  One of the primary exploit transactions used a function explicitly labeled “Attack”. The majority of the stolen funds were consolidated into a single address, with a smaller portion routed to a secondary wallet. Funds moved through Tornado Cash Shortly after the exploit, roughly half of the stolen ETH was routed through Tornado Cash, according to transaction records.  The rapid use of mixing services suggests the exploit was deliberate and pre-planned, rather than opportunistic. Truebit TRU token price collapses The exploit had an immediate market impact. The TRU token fell sharply following the incident. It dropped more than 60%, from around $0.16 to $0.005 in a single 12-hour candle on major exchanges.  Source: TradingView The drop reflects traders’ reaction to the scale of the loss and uncertainty around remediation. Exploit reflects broader trend…

---

Filed under: News - @ January 8, 2026 11:25 pm