TRU Crashes Nearly 100% as Hack Drains 8,535 ETH From Truebit

What Happened to Truebit and the TRU Token?

Truebit’s TRU token collapsed on Thursday later than an exploit drained roughly 8,535 ether from the protocol’s reserves, wiping out most of the token’s value within hours. Onchain data and independent researchers estimated the loss at about $26.6 million, triggering a near-total evaporation of liquidity as holders rushed to exit.

Truebit, an ETH-based verification and computation project, confirmed it had suffered a security incident. In a public statement, the team said it was “aware of a security incident involving one or more malicious actors,” adding that it was in contact with law enforcement and taking steps to address the situation. The protocol also warned users not to interact with a specific affected contract while the issue is investigated.

The market reaction was swift. TRU plunged as much as 99.9% at its worst point, reflecting how rapidly confidence can vanish once a reserve-backed mechanism is compromised. At the time of writing, the project has not confirmed whether all affected contracts have been paused.

Investor Takeaway

How Did the Exploit Drain the Reserves?

Blockchain analysts traced the attack to a flaw in an older around five years ago. According to researchers, the contract contained a minting function that could return a purchase price of zero under certain conditions when a very large amount of tokens was requested.

That flaw allowed the attacker to purchase TRU repeatedly at no cost, then immediately trade the . Each cycle pulled out of the pool while leaving the attacker with little to no capital at risk.

Independent onchain researcher “n0b0dy” described the exploit as a sequence of purchase-and-trade loops that took advantage of pricing distortions as the reserve balance shifted. Over time, those loops drained the pool almost entirely. The wallet involved reportedly paid a small builder bribe to speed up transaction inclusion, assisting the attacker execute the strategy before defensive measures could take effect.

Lookonchain and other analysts converged on a figure of 8,535 ETH removed from the system, aligning with the sharp drop in the protocol’s onchain balances during the attack window.

Why Were Older Contracts Still Exposed?

The incident highlights a persistent issue in decentralized finance: older contracts can remain live, funded, or indirectly connected to reserves long later than a protocol’s main codebase has been updated. Even if newer contracts are audited and maintained, legacy deployments may still hold value or interact with active components.

In Truebit’s case, the vulnerable logic sat in an older contract that had not drawn much attention in recent years. Once the attacker identified the pricing edge case, they were able to newer code paths. This type of attack does not rely on breaking cryptography or bypassing permissions, but on finding economic mispricing baked into smart-contract logic.

Such exploits are hard to catch through routine monitoring, especially when the vulnerable component is assumed to be dormant or irrelevant. As long as it can move value, it remains a viable target.

Investor Takeaway

What Comes Next for Truebit?

Truebit has yet to publish a full post-mortem explaining the technical details of the exploit or outlining remediation steps. The team has also not confirmed whether all affected contracts have been paused or isolated from the rest of the system.

Any recovery effort will depend on how much of the drained ether can be traced or recovered and whether emergency controls can prevent further losses. In the absence of a clear update, market participants remain cautious, and liquidity conditions around TRU are likely to stay thin.

Beyond the immediate impact on Truebit, the episode serves as another warning for the wider DeFi sector. Older contracts, forgotten pricing logic, and legacy reserve connections continue to offer attackers a way in. As protocols age, the surface area for these kinds of economic exploits grows rather than shrinks.

For users and investors, the lesson is familiar but costly: protocol history matters. A project’s age, past deployments, and legacy code paths can be just as significant as its latest upgrade when assessing risk.