Truebit Faces $26.5 Million Loss in Its First Significant DeFi Hack of 2026
Truebit Protocol experiences a significant security breach resulting in a massive loss and a sharp decline in token value.
Truebit Protocol has encountered a significant breach, leading to a loss estimated at around $26.5 million in Ethereum.
The breach triggered a drastic decline in the value of Truebit’s native token, TRU, which saw a nearly 100% drop shortly after the incident.
Exploit Details
Blockchain security firm PeckshieldAlert flagged the attack on X (formerly Twitter), indicating that Truebit had suffered an exploit that extracted over 8,500 ETH, roughly equating to $26.5 million, from a smart contract.
On-chain data reveals that the attacker exploited a flaw in the smart contract’s pricing logic, enabling them to generate TRU tokens without cost. The hacker repeatedly minted and sold these tokens back into the protocol’s bonding curve, swiftly depleting its ETH reserves through a fast-paced buy-sell loop. The stolen funds have been directed to two addresses: 0x2735…cE850a and 0xD12f…031a6.
The exploit inflicted immediate damage on the TRU token, causing its value to nearly hit zero on most exchanges.
At present, the DeFi platform has acknowledged the security issue and cautioned users against engaging with the compromised smart contract. The team is yet to publish a comprehensive post-mortem but has confirmed they are liaising with law enforcement while taking essential actions to mitigate the threat.
Connection to Previous Attacks
Interestingly, PeckShield has identified the Truebit hacker as the same individual responsible for the Sparkle attack that transpired almost two weeks ago. In that incident, the individual similarly exploited a loophole within a smart contract to generate tokens at an artificially lowered price, which were then exchanged for approximately 5 ETH. The illicit funds were subsequently funneled through Tornado Cash, a privacy-oriented protocol used to obscure transaction trails.
Crypto Security Trends
Overall, breaches linked to cryptocurrency reached unprecedented levels in 2025, with over $2.72 billion pilfered, according to TRM Labs. The year commenced poorly with a significant breach in February when North Korean hackers stole $1.5 billion from centralized exchange Bybit, marking the most considerable crypto exploit on record.
This event set the stage for a year typified by increasingly organized and professional hacking operations across the industry. However, data toward the year’s conclusion indicated a decline in such activities, with reports showing a more than 60% drop in losses in December compared to November figures.
