Truebit confirmed a major security incident where attackers exploited a legacy smart contract and extracted roughly $26 million in ETH, effectively collapsing the TRU token. The protocol’s own explanation is that the exploit enabled malicious actors to mint TRU at negligible cost and immediately liquidate it, draining reserves in the process.
The fallout was immediate: TRU’s market value and liquidity evaporated, and the team opened an active investigation with law enforcement while keeping recovery details undisclosed. At the time of confirmation, Truebit had not shared specifics on responsible parties, participating agencies, or a concrete recovery path, leaving counterparties to manage uncertainty in real time.
Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We are in contact with law…
— Truebit (@Truebitprotocol) January 8, 2026
How the exploit played out
Truebit traced the root cause to a vulnerability in a five-year-old contract connected to pricing or minting logic. That legacy exposure became the control gap attackers used to manufacture a near-unlimited token supply and convert it into value before defenses could meaningfully respond.
The key mechanic was simple but devastating: unlimited mint capacity paired with fast liquidation created a one-way drain against protocol reserves. Once the minting loophole was in play, market pressure compounded quickly because newly created TRU could be sold into whatever liquidity remained.
On-chain tracing tied the proceeds to about 8,535 ETH, in the same ballpark as the stated $26 million loss. In parallel, TRU reportedly fell from around $0.16 to effectively zero across most markets, which is consistent with a rapid collapse in confidence and liquidity once the exploit route became known.
Beyond the immediate loss, the incident spotlights structural operational risk around legacy smart contracts, mint privileges, and reserve design. For regulated firms and service providers, this kind of event also triggers practical obligations around traceability, incident reporting, customer communications, and custody risk governance.
What risk and compliance teams should do now
The priority is controlled containment: pause trading and token flows where necessary until counterparty and on-chain exposure is fully assessed. In parallel, monitoring rules should be tightened to flag abnormal token issuance patterns and large outbound ETH movements that follow fresh mints, while coordination ramps up with on-chain analytics and law enforcement to support tracing and any asset-recovery requests.
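The monitoring rule described above, sketched as an added example (not code from this article or from Truebit): it flags an address that receives an abnormally large mint and then collects large cumulative ETH from the reserve within a short block window. The event shape, the labels `reserve`, `user_*` and `addr_x`, the thresholds, and the assumption that mints appear as ERC-20 transfers from the zero address are all illustrative.

```python
from statistics import median

ZERO = "0x" + "0" * 40   # assumption: mints show up as ERC-20 Transfer events from the zero address
RESERVE = "reserve"      # constructed label for the monitored reserve contract
MINT_SPIKE_FACTOR = 20   # hypothetical: abnormal if >= 20x the median of earlier normal mints
OUTFLOW_ETH = 100.0      # hypothetical: cumulative ETH from the reserve that counts as large
WINDOW_BLOCKS = 50       # hypothetical: how many blocks a mint stays "fresh"

def detect(events):
    """Return one alert per address with an abnormal mint followed by large reserve outflows."""
    baseline, fresh, alerts = [], {}, []
    for ev in sorted(events, key=lambda e: e["block"]):
        if ev["kind"] == "token" and ev["from"] == ZERO:
            if len(baseline) >= 3 and ev["amount"] >= MINT_SPIKE_FACTOR * median(baseline):
                f = fresh.setdefault(ev["to"], {"minted": 0, "eth_out": 0.0, "alerted": False})
                f["minted"] += ev["amount"]
                f["block"] = ev["block"]          # repeated mints keep the window open
            else:
                baseline.append(ev["amount"])     # only normal mints feed the baseline
        elif ev["kind"] == "eth" and ev["from"] == RESERVE and ev["to"] in fresh:
            f = fresh[ev["to"]]
            if ev["block"] - f["block"] > WINDOW_BLOCKS:
                continue                          # mint is stale, so the outflow is not correlated
            f["eth_out"] += ev["amount"]
            if f["eth_out"] >= OUTFLOW_ETH and not f["alerted"]:
                f["alerted"] = True               # one alert per address, no duplicates
                alerts.append({"address": ev["to"], "block": ev["block"],
                               "minted": f["minted"], "eth_out": f["eth_out"]})
    return alerts

def mk(block, kind, src, dst, amount):
    return {"block": block, "kind": kind, "from": src, "to": dst, "amount": amount}

# Constructed sample events (not real chain data).
SAMPLE_EVENTS = [
    mk(100, "token", ZERO, "user_a", 1000), mk(110, "token", ZERO, "user_b", 1200),
    mk(120, "token", ZERO, "user_c", 900),  mk(130, "token", ZERO, "user_a", 1100),
    mk(131, "eth", RESERVE, "user_a", 150),          # large payout, but no abnormal mint
    mk(200, "token", ZERO, "addr_x", 5_000_000), mk(201, "eth", RESERVE, "addr_x", 60),
    mk(202, "token", ZERO, "addr_x", 8_000_000), mk(203, "eth", RESERVE, "addr_x", 70),
    mk(204, "eth", RESERVE, "addr_x", 40),           # after the alert, not re-reported
    mk(300, "token", ZERO, "user_y", 30_000), mk(400, "eth", RESERVE, "user_y", 500),  # outside window
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Only normal-sized mints feed the baseline, so a burst of inflated mints cannot raise the median and mask later ones.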
Operationally, teams should preserve audit-ready records and reassess smart contract risk standards before any re-listing or renewed support. That means retaining logs for suspicious activity filings and client notifications, and requiring evidence of recent audit coverage for any token that re-enters a supported universe after a minting-driven reserve drain.
Next steps will hinge on what Truebit discloses about remediation and recovery, and whether investigators can identify and pursue the actors behind the drain. Until those updates land, custodians and exchanges will likely treat TRU-related exposure as a heightened-risk profile and use this episode as a forcing function to strengthen legacy-contract review and real-time on-chain surveillance.
