Ethereum-based protocol Truebit has suffered a major security breach, resulting in the loss of millions of dollars in cryptocurrency.
The breach came to light on Thursday when Truebit disclosed unusual activity on its platform. In a public statement shared on X, the protocol confirmed that it had detected a security incident involving malicious actors and said it was coordinating with law enforcement authorities.
Although Truebit did not immediately reveal the financial impact, blockchain data soon provided clarity. On-chain analytics firm Lookonchain estimated that approximately 8,535 ETH were siphoned in the incident. Consequently, the breach resulted in losses of roughly $26.6 million at the time of the exploit.
Outdated Smart Contract Identified as Entry Point
Meanwhile, as the investigation unfolded, independent blockchain researcher Weilin Li attributed the exploit to a vulnerability in a legacy smart contract.
According to Li, the flaw stemmed from a mispriced minting function embedded in a contract deployed roughly five years ago. This pricing error allowed attackers to mint Truebit’s native TRU tokens at heavily discounted rates, opening the door to large-scale exploitation.
Li noted that two separate attackers exploited the vulnerability, but the outcomes differed significantly. One attacker extracted an estimated $26 million, while the other gained approximately $250,000.
More broadly, Li warned that attackers are increasingly targeting older contracts that were never designed to withstand today’s more sophisticated threat models.
TRU Token Crashes Following Exploit Disclosure
Market reaction was swift once news of the exploit spread. Truebit’s native TRU token suffered an immediate and near-total collapse in value.
Data from CoinGecko shows the token plunging from roughly $0.16 to $0.0000000007209. Effectively, the decline amounts to a 100% loss, erasing TRU’s market value within hours of the disclosure.
Truebit Joins Growing List of DeFi Security Failures
The Truebit exploit adds to an escalating wave of security incidents within the DeFi sector. A significant number of these breaches can be traced to outdated or inadequately maintained codebases.
For instance, in November, Balancer lost more than $120 million after attackers exploited a rounding error in its v2 Composable Stable Pools, affecting multiple blockchain networks.
More recently, protocols including Yearn Finance, Hyperdrive, Nemo Protocol, and Bunni have also reported smart contract exploits.
AI Advances Raise Stakes for Smart Contract Security
In addition, emerging technologies are further intensifying the challenge. Last month, AI research firm Anthropic warned that advanced artificial intelligence systems can now identify vulnerabilities in both legacy and newly deployed Ethereum contracts.
According to the firm, these tools significantly lower the barrier for malicious actors to uncover complex or obscure flaws. Therefore, DeFi projects face growing pressure to strengthen audit practices, modernize defenses, and retire outdated smart contracts before they become liabilities.
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
Bitcoin 
Ethereum 
Tether 
XRP 
BNB 
USDC 
TRON 
Lido Staked Ether 
Dogecoin 
Figure Heloc 