Truebit suffers major attack, $26 million lost; TRU token faces zeroing crisis

Ethereum verification computation protocol Truebit was recently attacked due to a contract vulnerability, instantly losing assets worth over $26 million. Following the incident, the native token TRU plummeted from $0.16 to near zero. The official statement was posted on social platform X: “We have identified a security incident involving one or more malicious actors. We are currently working closely with law enforcement and taking all possible measures to respond to this situation.”

Although Truebit has not disclosed the specific amount stolen, on-chain analysis platform Lookonchain estimates that the stolen assets amount to 8,535 ETH, valued at approximately $26.6 million, which is quite substantial.

Old Contract Design Flaws Become Breakthrough Point

Independent researcher Weilin Li pointed out that the root cause of this attack traces back to a smart contract deployed five years ago by Truebit. The token issuance mechanism within that contract had design flaws, allowing hackers to exploit the pricing logic of the “mint” function to acquire TRU tokens at a cost far below market price.

Weilin Li analyzed that the attack was carried out by two hackers, with one profiting about $26 million and the other approximately $250,000. This precise targeting of outdated contracts indicates that hackers are now focusing on those forgotten by the market but still holding high permissions in obsolete code.

“Old Code Hunting” Trend Sparks Industry Alarm

Weilin Li specifically warned that a recent “archaeological trend” has emerged among hackers, targeting old, unprotected contracts for attacks. This strategy is effective because many project teams have shifted their operational focus to new systems, significantly reducing monitoring of historical contracts.

The DeFi protocol Balancer suffered a $120 million loss last November, which was an early sign of this trend. Recently, well-known projects such as Bunni, Nemo Protocol, Hyperdrive, and Yearn Finance have also reported smart contract attacks, indicating this is no longer an isolated case but a systemic security concern.

Truebit’s incident reveals deep risks within the blockchain ecosystem: old contracts do not disappear over time but instead become targets for hackers. According to the latest data, TRU’s current price has fallen to $0.01, with the threat of zeroing out hanging like the Sword of Damocles over the project.