Truebit’s TRU Token Collapses After $26M Exploit Drains Protocol Reserves

Truebit’s TRU token plunged nearly 100% on Thursday after an exploit siphoned approximately 8,535 ether—worth about $26.6 million—from the protocol’s reserves, according to onchain data and independent blockchain researchers.

Truebit, an Ethereum-based verification and computation network, confirmed that it is investigating a security incident involving malicious actors. The team said it is working with law enforcement and taking steps to contain the damage.

Blockchain analytics firm Lookonchain estimated the loss at 8,535 ETH. Independent researcher Weilin Li linked the attack to a vulnerability in an older smart contract deployed roughly five years ago. According to the analysis, a minting function could incorrectly return a zero purchase price for unusually large token buys.

This flaw allowed the attacker to repeatedly acquire TRU tokens at little to no cost, then immediately sell them back into the protocol’s bonding-curve reserve, extracting ether with each cycle.

Onchain researcher “n0b0dy” described the exploit as a series of automated buy-and-sell loops that took advantage of mispricing as the reserve balance shifted. The attacker reportedly paid a small block builder bribe to ensure the transactions were processed quickly.

As the exploit unfolded, TRU’s price collapsed by as much as 99.9%, with liquidity rapidly evaporating and token holders rushing to exit positions.

The incident highlights a persistent risk in decentralized finance: legacy smart contracts can remain exploitable long after they fall out of active use. Even when a protocol upgrades its codebase, older deployments tied to reserves or pricing mechanisms can still present critical vulnerabilities.

Truebit has not yet released a full post-mortem or confirmed whether the affected contracts have been paused.