Truebit’s TRU Token Crashes Nearly 100% Following $26.6M Ethereum Exploit
Truebit’s TRU token plunged almost 100% on Thursday after an attacker drained roughly 8,535 ETH — about $26.6 million — from the protocol’s reserves, according to on-chain data and independent researchers.
The exploit targeted a flaw in a legacy smart contract, allowing the hacker to mint TRU at virtually no cost and repeatedly sell it back to the bonding-curve reserve to extract Ether. Analysts described the attack as a series of buy-and-sell loops exploiting mispricing as the reserve balance shifted. Reports indicate the hacker also paid a small builder bribe to prioritize transactions.
Truebit, an Ethereum-based verification and computation project, confirmed the incident and said it is coordinating with law enforcement while taking steps to address the situation.
The vulnerability stemmed from a contract deployed about five years ago, where unusually large token purchases could return a zero cost. The attack wiped out TRU liquidity, sending the token down as much as 99.9%.
The incident underscores the ongoing risk posed by legacy smart contracts: even updated protocols can remain vulnerable if older contracts hold value or connect to reserves. Truebit has yet to publish a full post-mortem or confirm whether affected contracts have been paused.
