Key Insights
- Truebit protocol smart contract got hacked for over $26 million with hackers moving ETH from purchase contract.
- Early diagnosis suggests the attacks exploited a misprice minting function in the smart contract.
- TRU token has collapsed 100% as holders panic following the development.
Ethereum-based protocol Truebit has suffered a malicious attack, resulting in the theft of 8,535 ETH, worth approximately $26.44 million.
Blockchain security firm Cyvers detected the exploit, noting a single transaction labeled “Truebit Protocol: Purchase.”
Truebit Protocol Confirms Exploit of Smart Contract Address
The protocol has now confirmed the incident, noting that it affected one of its smart contract addresses, 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2. It advised against interacting with the contract.
Truebit protocol wrote:
“Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b.”
The protocol states that it has already contacted law enforcement and is working to address the situation. It further promised to share updates as they come along.
Meanwhile, there is no official information yet on how the incident happened. A user on X Obscicron explained that the malicious actor called a method named “Attack” on the Truebit purchase smart contract.
However, Weilin Li on X explained that the root cause is likely a mispriced minting function of the contract. This allowed the attacker to buy the TRU token at a very low price.
Interestingly, Li noted that there were two attackers. The first, 0xcd475564, stole around $26 million worth of ETH, while the second, 0x7149, took $250,000 in ETH.
Li added that the contract is very old, as it was deployed around five years ago, noting how more attackers are now targeting old contracts.
Already, there are reports that the attackers have begun transferring the funds to other addresses. While this has not been confirmed, it could complicate any attempt by Truebit to recover the stolen assets.
TRU Token Falls 100%
Interestingly, the hack has already caused a significant decline in the Truebit token value. TRU has fallen 100% due to the incident with the token worth around $0.1659 earlier today, now down to $0.0000792.
Already, some users are reporting substantial losses due to the decline in TRU value. It is unclear whether the token will recover, given that it was already in decline before this.
Truebit has been around since 2017 and serves as an off-chain computation layer for Ethereum. Users can verify complex computations off-chain through the protocol and then verify the results onchain.
At its peak back in 2021, the TRU token was worth $1.31. However, it has been worth only cents since as far back as 2022.
Meanwhile, this incident marks the first major crypto hack of 2026, underscoring the persistent vulnerability that remains a pressing issue for blockchain protocols. In 2025, total crypto theft reached $3.4 billion, according to Chainalysis, with major thefts, such as the Bybit exploit, being particularly notable.
Oluwapelumi Adejumo is an experienced cryptocurrency journalist who has contributed to leading blockchain news platforms, including CryptoSlate and BeInCrypto.
