Truebit Exploit Exposes Smart-contract Flaw Behind $26m Token Mint (2026)

Truebit lost $26 million after a smart-contract overflow bug let an attacker mint tokens at near-zero cost, sending the TRU price down 99%.

A $26 million exploit of the offline computation protocol Truebit stemmed from a smart-contract flaw that allowed an attacker to mint tokens at near-zero cost, highlighting persistent security risks even in long-running blockchain projects.

The $26 million exploit resulted in a 99% crash for the Truebit (TRU) token, Cointelegraph reported on Friday.

The attacker abused a loophole in the protocol’s smart-contract logic, which enabled them to mint “massive amounts of tokens without paying any ETH,” according to blockchain security company SlowMist, which published a post-mortem analysis on Tuesday.

“Due to a lack of overflow protection in an integer addition operation, the Purchase contract of Truebit Protocol produced an incorrect result when calculating the amount of ETH required to mint TRU tokens,” SlowMist said.

The smart contract’s price calculations were then “erroneously reduced to zero,” enabling the attacker to drain the contract’s reserves by minting $26 million worth of tokens “at nearly no cost,” the post-mortem said.

The contract was compiled with Solidity 0.6.10, an older compiler version that does not include built-in overflow checks, so calculations exceeding the maximum value of “uint256” resulted in a “silent overflow,” causing the result to “wrap around a small value near zero.”
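The wraparound described above, shown as an added example that is not taken from SlowMist's post-mortem or from Truebit's code: a two-term price sum compiled with Solidity 0.6.10, first with a bare addition and then with a SafeMath-style check. The contract name, function names and parameters are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.6.10; // compiler version named in the article: + wraps silently

// Constructed illustration. The pricing terms and all names here are
// hypothetical and are not taken from Truebit's Purchase contract.
contract MintPricingSketch {
    // Before: the sum of two price terms is computed with a bare `+`.
    // If reserveTerm + amountTerm exceeds 2**256 - 1, the result wraps
    // modulo 2**256 and the "required ETH" comes out as a small number.
    function requiredEthUnchecked(uint256 reserveTerm, uint256 amountTerm)
        public
        pure
        returns (uint256)
    {
        return reserveTerm + amountTerm;
    }

    // After: same sum, but the call reverts when the result has wrapped.
    // A wrapped sum is always smaller than either operand, which is the
    // condition SafeMath-style `add` tests for.
    function requiredEthChecked(uint256 reserveTerm, uint256 amountTerm)
        public
        pure
        returns (uint256 sum)
    {
        sum = reserveTerm + amountTerm;
        require(sum >= reserveTerm, "requiredEth: addition overflow");
    }

    // Worked case for a unit test: the largest uint256 plus 2 passes through
    // the unchecked version without reverting, while requiredEthChecked
    // reverts on the same inputs.
    function wrappedExample() external pure returns (uint256) {
        uint256 max = uint256(-1); // 2**256 - 1 in Solidity 0.6.x
        return requiredEthUnchecked(max, 2);
    }
}
```

From Solidity 0.8.0 onward the compiler inserts this check itself, and arithmetic reverts on overflow unless it is placed inside an `unchecked` block.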

The exploit shows that even the more established protocols are threatened by hackers. Truebit was launched on the Ethereum mainnet almost five years ago in April 2021.

Smart-contract security attracted interest at the end of last year, when an Anthropic study revealed that commercially available artificial intelligence (AI) agents had found $4.6 million worth of smart contract exploits.

Source: CoinTelegraph