Truebit Smart Contract Exploit Leads to $26.4 Million Loss
An attacker exploited a vulnerability in an Ethereum‑based smart contract, resulting in the theft of 8,535 ETH, valued at approximately $26.4 million. The breach occurred on a contract deployed in 2021 and was carried out by minting excessive amounts of the protocol’s TRU token before swapping it for Ether.
Attack Overview
The exploit targeted a price‑calculation routine used during the minting process. A numeric overflow allowed the attacker to obtain large quantities of TRU at a fraction of the intended cost, effectively bypassing the protocol’s economic safeguards.
Vulnerability Details
According to the contract code, the overflow arose when the minting function attempted to compute the token price for very large issuance volumes. The calculation wrapped around, producing an artificially low price that the attacker leveraged to mint TRU tokens en masse.
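The wrap-around described above, modelled as an added example that is not Truebit's contract code: the bonding-curve formula, `SCALE`, `SUPPLY` and both mint amounts are constructed assumptions. It prices the same mint with wrapping uint256 arithmetic and with checked arithmetic that reverts on overflow.

```python
UINT256_MAX = 2**256 - 1
SCALE = 10**18  # assumed 18-decimal fixed-point scale

def wrap_mul(a, b):
    # Wrapping uint256 multiply (Solidity before 0.8 without SafeMath):
    # the product is silently reduced mod 2**256.
    return (a * b) & UINT256_MAX

def wrap_add(a, b):
    return (a + b) & UINT256_MAX

def checked_mul(a, b):
    # Checked multiply (Solidity 0.8+ default, or SafeMath): overflow reverts.
    if a * b > UINT256_MAX:
        raise OverflowError("mul overflow: revert")
    return a * b

def checked_add(a, b):
    if a + b > UINT256_MAX:
        raise OverflowError("add overflow: revert")
    return a + b

def mint_cost(amount, supply, mul, add):
    """Hypothetical linear bonding curve: amount * (2*supply + amount) / SCALE."""
    span = add(mul(2, supply), amount)
    return mul(amount, span) // SCALE

def exact_cost(amount, supply):
    # Reference price with unbounded integers: what the curve intends to charge.
    return amount * (2 * supply + amount) // SCALE

def compare(amount, supply):
    """Return (intended, wrapping, checked); checked is None when it reverts."""
    try:
        checked = mint_cost(amount, supply, checked_mul, checked_add)
    except OverflowError:
        checked = None
    wrapped = mint_cost(amount, supply, wrap_mul, wrap_add)
    return exact_cost(amount, supply), wrapped, checked

SUPPLY = 10**26       # constructed circulating supply, in base units
NORMAL_MINT = 10**21  # constructed ordinary mint
HUGE_MINT = 2**128    # constructed "very large issuance volume"

if __name__ == "__main__":
    for amount in (NORMAL_MINT, HUGE_MINT):
        intended, wrapped, checked = compare(amount, SUPPLY)
        print(f"amount={amount}\n  intended={intended}\n  wrapping={wrapped}\n  checked={checked}")
```

For the ordinary mint all three prices agree; for the huge mint the wrapping path quotes a price many orders of magnitude below the intended one, while the checked path refuses the mint.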
Financial Impact
After acquiring the inflated TRU supply, the perpetrator exchanged the tokens for Ether on decentralized markets. The sudden influx caused the TRU price to collapse by roughly 99.9%, and the attacker withdrew the equivalent of 8,535 ETH. A follow‑up transaction drained an additional $300,000 from the project’s reserves.
Project Response
Truebit publicly acknowledged the incident and advised users to avoid interacting with the compromised contract. The team indicated that they are reviewing the affected code and considering remedial measures to prevent similar exploits.
Wider Security Context
Security analysts note that overflow bugs, while technically simple, can have outsized financial consequences when embedded in high‑value DeFi contracts. The incident underscores the importance of rigorous formal verification and third‑party audits for smart contracts that manage substantial assets.
This report is based on information from Web3 Is Going Great, licensed under Creative Commons Attribution 3.0 (CC BY 3.0). Analysis provided by Web3 Is Going Great.