
Ethereum-based DeFi protocol Truebit suffered a $26.6 million exploit that reportedly targeted a vulnerability in a smart contract deployed five years ago.
Truebit, an Ethereum-based verification and computation protocol, lost around 8,535 ETH ($26.6 million) in a security breach on Thursday.
“Today, we became aware of a security incident involving one or more malicious actors,” Truebit wrote on X. “We are in contact with law enforcement and taking all available measures to address the situation.”
While Truebit did not specify the amount stolen, onchain analytics platform Lookonchain put the figure at around 8,535 ETH. Independent researcher Weilin Li said that the exploit likely stemmed from a vulnerability in a mispriced minting function within an old smart contract deployed about five years ago.
This allowed attackers to purchase the protocol’s native TRU tokens at significantly reduced prices. Two separate attackers were involved, Li said, with one profiting by around $26 million, while another gained approximately $250,000.
“Old contracts are getting more ‘popular’ among attackers now,” Li added.
Following the exploit, the price of Truebit’s TRU token plummeted 99.9%, dropping from approximately $0.16 to $0.00007721, according to data from CoinGecko. The Block has reached out to Truebit for further comment.
DeFi security risks
This incident adds to the ongoing challenges in DeFi security, with rising risks associated with legacy contracts.
The November exploit on Balancer targeted a rounding error in the DeFi protocol’s v2 Composable Stable Pools, draining over $120 million in assets across multiple chains. Multiple other protocols, including Bunni, Nemo Protocol, Hyperdrive, and Yearn Finance, recently suffered smart contract exploits.
Last month, AI research company Anthropic flagged that advanced AI agents identified vulnerabilities in both dated and recently deployed smart contracts on Ethereum, warning that malicious actors now have access to advanced technology to exploit obscure and complex vulnerabilities.

