Truebit, an Ethereum-based verification and computation protocol, recently suffered a massive loss of approximately $26.6 million due to a vulnerability in a smart contract that had been deployed for five years.
According to market data, following the incident, the price of its native token TRU plummeted from around $0.16 to $0.00007721 in a short period, marking a staggering 99.9% drop and severely shaking market confidence.
01 Incident Overview
The Truebit protocol experienced a major security breach, resulting in a significant outflow of assets. Based on official statements and tracking from blockchain analytics platforms, attackers exploited a long-standing vulnerability in the protocol to steal a large amount of funds.
Blockchain analytics platform Lookonchain confirmed that approximately 8,535 ETH were stolen, with a total value of $26.6 million based on market prices at the time of the incident.
After the breach, the Truebit team quickly issued an announcement on social media platform X, confirming the security incident. They stated that they had contacted law enforcement and were taking all available measures to address the situation.
02 Attack Analysis
Security researcher Weilin Li’s analysis revealed that the root of the vulnerability traced back to an old smart contract deployed about five years ago. This contract contained a minting function with a pricing error, which attackers exploited to execute the attack.
The flaw allowed attackers to acquire large amounts of the protocol’s native TRU tokens at a fraction of their market value, enabling them to extract significant value in a short time.
It is understood that two separate attackers were involved in this incident. One attacker profited by about $26 million, while the other gained roughly $250,000.
This event once again highlights the severe risks posed by "legacy code" in the blockchain sector. As researcher Li warned, "Old contracts are becoming increasingly ‘popular’ among attackers these days."
03 Impact on TRU Token and the Market
The security breach dealt a devastating blow to the Truebit ecosystem. According to Coingecko data, after the vulnerability was exploited, the price of TRU tokens collapsed.
TRU’s price plunged from around $0.16 before the incident to $0.00007721, wiping out more than 99.9% of its market capitalization—essentially rendering it worthless.
This price crash not only directly affected token holders but also severely damaged the operation and reputation of the entire Truebit protocol ecosystem. The extreme volatility in token price reflects the market’s deep pessimism regarding the protocol’s security and future prospects.
In contrast to the Truebit incident, mainstream cryptocurrencies remained relatively stable during the same period. According to Gate market data, BTC/USDT was quoted at $91,001.2 on January 9, with a 24-hour decline of just 0.04%.
04 Industry Reflection and Security Challenges
The Truebit incident is the latest in a series of recent DeFi security breaches, highlighting ongoing challenges for the industry. Risks associated with old contracts and complex protocol interactions are on the rise.
Last November, the Balancer protocol suffered an attack due to rounding errors in its v2 composable stable pools, resulting in cross-chain asset losses exceeding $120 million. More recently, protocols including Bunni, Nemo Protocol, Hyperdrive, and Yearn Finance have also fallen victim to smart contract vulnerabilities.
What’s even more concerning is the rapid evolution of attack tools and techniques. Last month, AI research firm Anthropic warned that advanced AI agents are now capable of identifying vulnerabilities in both new and old Ethereum smart contracts.
Malicious actors can now leverage sophisticated technologies to uncover obscure and complex vulnerabilities, making security defense increasingly difficult.
05 How Gate Supports Secure Trading for Users
In the face of an increasingly complex crypto market and mounting security challenges, choosing a safe, transparent trading platform with robust analytical tools is more important than ever. As a leading industry platform, Gate continues to strengthen its security infrastructure and provides users with professional market analysis tools.
Recently, Gate integrated an AI-powered market analysis tool called GateAI into its trading app. This tool is available across multiple modules, including token search, spot charts, and community updates.
GateAI’s core features include automated market data summaries and clear interpretations, helping users quickly grasp key developments amid information overload. Importantly, the tool actively flags uncertainty when conclusions cannot be verified, helping users avoid being misled.
It’s important to note that GateAI is designed as a decision-support tool, not an automated trading system—users retain full control over trading execution. The tool uses a quota management model and may be linked to the platform’s VIP tier system in the future, giving different users differentiated access privileges.
Outlook
Following the incident, Truebit’s TRU token price crashed from nearly $0.16 to virtually zero, erasing more than 99.9% of its market value. This has prompted a renewed examination of legacy issues in the blockchain world.
On Ethereum, there are countless ancient smart contracts like Truebit’s that have been running silently for years. The warning from AI security company Anthropic has become reality: malicious actors are using advanced technologies to uncover obscure and complex vulnerabilities.
From Balancer’s $120 million loss to Truebit’s recent $26 million exploit, these figures represent more than just financial damage.
They are reshaping industry security standards, prompting every project team to re-examine their codebases, and encouraging every investor to be more cautious when choosing protocols.
