
Truebit token crashes 99.9% after hacker drains $26.6 million in ether

Source: coindesk.com

Truebit’s TRU token cratered nearly 100% on Thursday after an exploit drained about 8,535 ether, worth roughly $26.6 million, from the protocol’s reserves, according to onchain data and independent researchers.

Truebit, an Ethereum-based verification and computation project, said it was “aware of a security incident involving one or more malicious actors,” adding that it is in contact with law enforcement and is taking steps to address the situation.

Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We are in contact with law…

— Truebit (@Truebitprotocol) January 8, 2026

Blockchain analysts at Lookonchain pegged the theft at 8,535 ETH. Researcher Weilin Li attributed the attack to a flaw in an older smart contract deployed around five years ago, where a minting function could return a purchase price of zero for an unusually large token buy.

That allowed the attacker to repeatedly buy TRU at essentially no cost, then immediately sell it back into the bonding-curve reserve to pull out ether.

Independent onchain researcher “n0b0dy” described the flow as a series of buy-and-sell loops that exploited mispricing as the reserve balance shifted, gradually draining the pool. The wallet involved reportedly paid a small builder bribe to prioritize transactions.

The exploit sent TRU into a near-total collapse, with the token plunging as much as 99.9% as liquidity evaporated and holders rushed to exit.

The incident is the latest reminder that older contracts can remain an attack surface long after they fade from attention.

Even if a protocol’s current code is updated, legacy deployments and forgotten pricing logic can still be targeted if they hold value or connect to reserves.

Truebit has not yet published a full post-mortem or confirmed whether affected contracts have been paused.
