Quick Breakdown
- Truebit lost $26 million after a smart contract overflow bug allowed attackers to mint TRU tokens at near-zero cost.
- The exploit caused a 99% crash in TRU’s price, highlighting risks tied to outdated Solidity versions.
- Smart contract flaws remain crypto’s biggest threat, even as phishing and social engineering attacks rise.
A critical smart contract flaw has led to a $26 million exploit of the offline computation protocol Truebit, wiping out nearly all the value of its native TRU token and reigniting concerns about long-standing smart contract vulnerabilities.
🚨SlowMist: Analysis of Truebit Protocol Incident🚨
On Jan 8, @Truebitprotocol was exploited via an integer overflow vulnerability in its Purchase contract, allowing the attacker to mint $TRU at near-zero cost and drain 8,535 $ETH (~$26.44M) 💰
🔍 Root cause: Missing overflow… https://t.co/OCzQTjOwDJ pic.twitter.com/0zL7AfDgHY
— SlowMist (@SlowMist_Team) January 12, 2026
Blockchain security firm SlowMist published a post-mortem analysis on Monday, explaining that the exploit stemmed from faulty smart contract logic rather than a sophisticated external hack.
The incident, first reported on Friday, saw the Truebit (TRU) token plunge by 99% after an attacker exploited a loophole that allowed tokens to be minted at virtually no cost.
Overflow bug enabled near-free token minting
According to SlowMist, the attacker took advantage of a missing overflow protection mechanism in Truebit’s Purchase contract. The contract miscalculated the amount of ETH required to mint TRU tokens due to an integer overflow in an addition operation.
Because the contract was compiled using Solidity version 0.6.10, a version that lacks built-in overflow checks, calculations that exceeded the maximum uint256 value silently wrapped around, producing a value close to zero.
This error effectively reduced token minting costs to nothing, allowing the attacker to generate and drain roughly $26 million worth of TRU tokens from the protocol’s reserves.
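The wraparound described above, modeled in Python as an added example that is not Truebit's code or SlowMist's analysis. The linear price formula, the constants and all function names are assumptions constructed for illustration; the block contrasts pre-0.8 Solidity wrapping arithmetic with the checked arithmetic that SafeMath or Solidity 0.8 and later enforce.

```python
UINT256_MAX = 2**256 - 1

# Constructed parameters for a hypothetical linear price; not Truebit's formula.
PRICE_WEI = 10**15      # wei charged per token
FLAT_FEE_WEI = 10**18   # fixed fee added to every purchase


def cost_unchecked(amount: int) -> int:
    """Pre-0.8 Solidity semantics: uint256 results silently wrap mod 2**256."""
    product = (amount * PRICE_WEI) & UINT256_MAX
    return (product + FLAT_FEE_WEI) & UINT256_MAX


def cost_checked(amount: int) -> int:
    """SafeMath / Solidity >= 0.8 semantics: revert instead of wrapping."""
    product = amount * PRICE_WEI
    if product > UINT256_MAX:
        raise OverflowError("revert: multiplication overflow")
    total = product + FLAT_FEE_WEI
    if total > UINT256_MAX:
        raise OverflowError("revert: addition overflow")
    return total


def max_safe_amount() -> int:
    """Largest amount whose cost still fits in a uint256."""
    return (UINT256_MAX - FLAT_FEE_WEI) // PRICE_WEI


def audit(amount: int) -> dict:
    """Compare both semantics for one input, as a unit or fuzz test would."""
    wrapped = cost_unchecked(amount)
    try:
        checked = cost_checked(amount)
        return {"unchecked": wrapped, "checked": checked, "reverted": False}
    except OverflowError:
        return {"unchecked": wrapped, "checked": None, "reverted": True}


if __name__ == "__main__":
    edge = max_safe_amount()
    # One past the boundary, only the addition overflows: the product still fits.
    for amount in (1, edge, edge + 1):
        print(amount, audit(amount))
```

One unit past the boundary, the unchecked cost for the whole purchase is lower than the price of a single token, while the checked version reverts; a boundary test of this kind on every arithmetic path is what catches the bug class in contracts compiled before Solidity 0.8.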
Old protocols, new risks for crypto security
The exploit is a stark reminder that even established blockchain projects remain exposed to security risks. Truebit launched on Ethereum’s mainnet in April 2021, making the vulnerability particularly concerning given the protocol’s age.
Smart contract flaws continue to dominate crypto attack vectors. SlowMist’s 2025 year-end report reveals that contract vulnerabilities accounted for 30.5% of all crypto exploits last year, with 56 reported incidents, surpassing any other category.
Security research is also evolving rapidly. An Anthropic study published late last year found that AI models, including Claude Opus 4.5, Claude Sonnet 4.5, and OpenAI’s GPT-5, collectively identified smart contract exploits worth $4.6 million during controlled testing.
Meanwhile, attackers are increasingly shifting away from protocol hacks toward social engineering. Crypto phishing scams emerged as the second-largest threat in 2025, costing investors $722 million across 248 incidents, according to CertiK. This figure represents a 38% drop from 2024, which suggests growing user awareness.