Key Notes
- TRU collapsed nearly 100% after a smart contract exploit drained $26.4 million from the Truebit Protocol.
- The token crashed from around $0.16 to near zero within minutes.
- Truebit is working with law enforcement, with no recovery plan announced.
Ethereum-based infrastructure project Truebit’s native token TRU collapsed nearly 100% after a smart contract exploit drained over $26.4 million from the protocol. The attack started with a suspicious on-chain transaction and quickly resulted in a full liquidity drain.
Notably, the attacker exploited a math error in Truebit’s minting contract, which incorrectly priced TRU close to zero. The bug allowed the attacker to mint massive amounts of TRU tokens at almost zero cost.
The attacker then sold them back into the pool. Each cycle pulled more ETH
ETH
$3 091
24h volatility:
0.8%
Market cap:
$373.01 B
Vol. 24h:
$15.70 B
out of the protocol. On-chain data shows the attacker also paid a small builder bribe to ensure a fast transaction and prevent intervention.
Security researcher Weilin Li independently confirmed that the exploit was based on a five-year-old smart contract flaw. No private keys were compromised and the system failed purely due to faulty math.
Another 26M hack. @Truebitprtocol
I haven’t decompiled the vulnerable code yet, but the root cause appears to be a mispriced minting function of its purchase contract that allows anyone to purchase TRU token at a very low price.
The first attacker (26M profit):… pic.twitter.com/qmoDB54I0w
— Weilin (William) Li (@hklst4r) January 8, 2026
$26.4M Drained in ETH
As per the on-chain data, the hacker divided 8,535 ETH in stolen funds across two wallets. One received around 4,267 ETH, while another collected around 4,001 ETH.
Once liquidity was removed, TRU’s market structure collapsed instantly. Before the exploit, TRU was trading near $0.16. However, it crashed more than 99% to around $0.00 after the case.
At the time of writing, TRU is trading around $0.034. The altcoin currently has nearly all market capitalization erased, according to CoinMarketCap data.
Truebit Team Responds
Truebit acknowledged the incident on X and stated that it is working with law enforcement to handle the situation. At the time of writing, no recovery plan or reimbursement details have been confirmed.
Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We are in contact with law…
— Truebit (@Truebitprotocol) January 8, 2026
The incident marks the first major crypto hack of 2026, following a year that saw several DeFi exploits. In 2025, protocols like Balancer suffered major losses due to smart contract vulnerabilities.
next
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
A crypto journalist with over 5 years of experience in the industry, Parth has worked with major media outlets in the crypto and finance world, gathering experience and expertise in the space after surviving bear and bull markets over the years. Parth is also an author of 4 self-published books.
Parth Dubey on LinkedIn
Source: https://www.coinspeaker.com/tru-price-crash-token-loses-all-value-post-26m-truebit-hack/