Truebit’s TRU token went into free fall Thursday after the protocol disclosed a safety incident tied to one among its Ethereum good contracts, with on-chain trackers pointing to a haul of about 8,535 ETH, roughly $26M at current costs.
Truebit stated the incident concerned “involving a number of malicious actors” and instructed customers it was in touch with regulation enforcement and “taking all out there measures” in response.
The theft estimate, cited by crypto sleuths monitoring the protocol, put the lacking Ether at 8,535 ETH, with the greenback worth close to $26.6M on the time of reporting.
For merchants, the shock unfold shortly as good contract failures hardly ever keep remoted and sometimes ripple by liquidity, confidence and costs throughout exchanges.
Immediately, we turned conscious of a safety incident involving a number of malicious actors. The affected good contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the general public to not work together with this contract till additional discover. We’re in touch with regulation…
— Truebit (@Truebitprotocol) January 8, 2026
Sensible Contract Bug Allegedly Enabled Free Token Minting
Truebit is constructed to sort out one among blockchain’s core limits, the excessive value of on-chain computation. It goals to let purposes confirm advanced calculations with out working each step on Ethereum, shifting heavy logic off-chain whereas preserving on-chain verification for superior good contract and compute use instances.
The protocol flagged malicious exercise linked to its “Truebit Protocol: Buy” contract and urged customers to keep away from interacting with the handle till additional discover.
Investigators haven’t seen a full technical postmortem but. On-chain evaluation cited in reporting pointed to a pricing logic failure within the getPurchasePrice operate, the place unusually giant mint requests allegedly returned a zero value, letting an attacker mint tokens free of charge and cycle them by a bonding curve to empty ETH reserves.
#PeckShieldAlert @Truebitprotocol has been exploited for ~$26.5M. The exploiter has transferred the stolen funds (8.5K $ETH) to 2 addresses: 0x2735…cE850a & 0xD12f…031a60$TRU has dropped -100%.
Notably, the identical exploiter attacked $Sparkle ~12 days in the past, acquiring 5 $ETH… pic.twitter.com/6JwqeulT5h— PeckShieldAlert (@PeckShieldAlert) January 9, 2026
Attackers Route Stolen Ether By means of Twister Money
Transaction trails additionally confirmed aggressive clean-up conduct after the drain, together with consolidation right into a principal handle and routing of a giant share by Twister Money, the type of step that usually alerts planning fairly than a fortunate stumble.
The market’s verdict got here shortly. On-chain investigators reported TRU fell greater than 99%, with Nansen information exhibiting a drop to about $0.0000000029 from round $0.16.
The timing additionally feeds right into a broader safety narrative. PeckShield just lately stated whole crypto hack and exploit losses fell to about $76M in December from $194.2M in November, a 60% drop that also left the ecosystem coping with fixed stress from each protocol bugs and user-targeted scams.
PeckShield’s breakdown included a $50M handle poisoning loss and one other incident tied to a non-public key leak in a multisig pockets that value about $27.3M.
Truebit has not but stated what remediation appears like, and it stays unclear what triggered the exploit and whether or not consumer funds had been in danger.
The submit Truebit Token Plunges After Protocol Confirms $26M Ethereum Exploit appeared first on Cryptonews.