Truebit reports hacking incident with $26 million stolen! Native token TRU crashes 100%, nearly worthless

Ethereum verification and computation protocol Truebit was attacked by a smart contract vulnerability on Thursday, resulting in losses of assets worth over $26 million. After the news broke, the native token TRU plummeted from $0.16 to nearly zero, a 100% drop in a short period.

Truebit officially confirmed the news on social platform X: “We have discovered a security incident involving one or more malicious actors. We are currently working closely with law enforcement and taking all possible measures to address this situation.”

Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We are in contact with law…

— Truebit (@Truebitprotocol) January 8, 2026

Although Truebit has not disclosed the specific amount stolen, on-chain analysis platform Lookonchain estimates that up to 8,535 ETH were stolen, worth approximately $26.6 million.

According to independent researcher Weilin Li’s analysis, this attack likely originated from a smart contract deployed by Truebit five years ago, which involved a pricing mechanism in the “mint” function that contained an error, allowing hackers to buy TRU tokens at far below market price.

Weilin Li stated that the attack was carried out by two hackers, with one profiting about $26 million and the other about $250,000.

Weilin Li specifically warns that recent hacker circles are engaging in a “archaeological trend,” targeting old contracts that, although forgotten, still have permissions and are vulnerable to attack.