TRU suffers a 99.9% crash, hacker steals $26.6 million worth of Ethereum through smart contract vulnerability

GasFeeTears · 2026-01-15T14:32:35+00:00

The Truebit project was severely impacted by a large-scale theft of funds, with its native token TRU dropping by as much as 99.9%. Hackers exploited a smart contract vulnerability from five years ago to repeatedly purchase TRU and extract funds, causing liquidity to evaporate instantly. The incident serves as a reminder that old contracts may carry hidden risks, and the Truebit team is working with law enforcement agencies to respond.

GasFeeTears

2026-01-15 14:32:35

Abstract generation in progress

A meticulously planned exploit has driven the Truebit project into the abyss. On Thursday, the protocol’s native token TRU plummeted from the clouds to a bottomless low, with a drop of up to 99.9%. The culprit was a large-scale theft of funds—hackers stole approximately 8,535 ETH from the protocol reserves, worth over $26.6 million at current prices.

How the vulnerability was exploited

Technical researcher Weilin Li revealed the details of this attack. The issue stemmed from an old smart contract deployed five years ago, which contained a critical flaw in its minting function: when purchasing an extremely large amount of tokens, the function would return a zero purchase price. This design flaw opened the door for exploitation.

The hacker exploited this vulnerability to launch a looping attack: purchasing TRU tokens at nearly zero cost, then immediately selling them back into the bonding curve-based reserve pool to extract real Ethereum. Each cycle gradually drained the liquidity pool, like someone continuously opening an endless “cash machine.”

Independent on-chain analyst “n0b0dy” further pointed out that the brilliance of this flaw was that the attacker also paid small fees to block producers, ensuring their transactions received priority processing. The purpose was to prevent others from front-running (frontrun) these transactions.

Market collapse and liquidity evaporation

As the exploit unfolded, TRU’s price plunged freely. Liquidity evaporated completely within minutes, holders rushed to exit, ultimately causing the token to shrink by 99.9%.

Forgotten contracts become long-term hazards

This incident rings the alarm again: even if the latest code of the protocol has been upgraded and fortified, those old deployments from years ago may still hide unknown dangers. As long as these contracts hold funds or are connected to key reserves, they become targets for hackers.

As of now, Truebit has not released a full post-incident analysis report, nor confirmed whether affected contracts have been paused. The team stated that they are aware of the security breach, are working with law enforcement, and are taking measures to address the situation.

TRU real-time data

Token: Truebit (TRU)
Current Price: $0.01
24-Hour Change: -2.47%

ETH real-time data

Token: Ethereum (ETH)
Current Price: $3.37K

TRU2,98%

ETH-0,85%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.