> At a Glance
> – A pricing glitch in Truebit’s smart contract let an attacker mint unlimited TRU tokens.
> – Over 8,500 ETH ($26.5 million) was siphoned within hours.
> – TRU’s price crashed ≈100%, leaving the token virtually worthless.
> – Why it matters: DeFi users face another stark reminder that code flaws can vaporize liquidity in minutes.
Truebit Protocol joined the growing list of hacked DeFi projects after an exploiter manipulated its bonding-curve pricing logic to drain the treasury.
How the Attack Unfolded
Blockchain-security firm PeckshieldAlert first flagged the breach on X. On-chain records show the attacker repeatedly minted TRU at zero cost, then dumped the tokens back into the protocol’s own bonding curve. The rapid buy-sell loop bled out more than 8,500 ETH-now worth roughly $26.5 million-into two fresh addresses:
0x2735...cE850a0xD12f...031a6
Token Collateral Damage
The flood of fake sell pressure obliterated TRU’s market price within hours. Most exchanges now price the token near $0, representing a ≈100% drawdown from pre-attack levels.
Same Actor Behind Sparkle Incident
PeckShield links this exploit to the same wallet that hit Sparkle two weeks earlier, where a similar contract flaw yielded about 5 ETH. The earlier proceeds were run through Tornado Cash to obscure the trail.
Project Response
Truebit’s team has:
- Acknowledged the breach
- Urged users to avoid interacting with the affected contract
- Begun working with law-enforcement
- Promised further updates once a full post-mortem is ready
Key Takeaways
- A single pricing-bug let an attacker mint unlimited TRU and drain $26.5 million in ETH.
- TRU holders saw value evaporate in under a day.
- The same wallet is tied to at least one prior small-scale exploit.
- Truebit has yet to publish technical details or recovery steps.
The incident underscores how quickly coding oversights can translate into eight-figure losses for decentralized protocols.
