Truebit Protocol Loses $26.5M in Major DeFi Hack

The security breach centered on a critical vulnerability within one of Truebit’s smart contracts. According to on-chain data analyzed by PeckShieldAlert, the attacker exploited a flaw in the contract’s pricing logic. This vulnerability allowed the hacker to mint TRU tokens at virtually no cost. The assailant then executed a rapid, repeated cycle of minting these tokens and selling them back into the protocol’s own bonding curve mechanism. This malicious arbitrage drained the protocol’s ETH reserves, with the attacker ultimately siphoning over 8,500 ETH, valued at roughly $26.5 million at the time of the exploit.

The immediate financial fallout was catastrophic for the TRU token. Its value plummeted by nearly 100% within hours of the exploit, rendering it effectively worthless on most cryptocurrency exchanges. The stolen funds were transferred to two Ethereum addresses: 0x2735…cE850a and 0xD12f…031a6. In response, the Truebit team has confirmed awareness of the threat, advised users against interacting with the compromised contract, and stated it is in contact with law enforcement while preparing a full post-mortem analysis.

Investigations by PeckShield have revealed a significant connection between this attack and a previous incident. The security firm identified the Truebit hacker as the same individual responsible for the ‘Sparkle attack’ that occurred nearly two weeks prior. In that earlier exploit, the culprit employed a strikingly similar method: exploiting a smart contract flaw to mint tokens at an artificially reduced cost before swapping them for approximately 5 ETH.

This pattern suggests the involvement of a sophisticated actor systematically targeting specific vulnerabilities in DeFi protocols. Following the Sparkle attack, the stolen funds were routed through Tornado Cash, a privacy protocol designed to obscure transaction trails, indicating a deliberate attempt to launder the illicit gains. The recurrence of this modus operandi raises urgent questions about the security auditing processes of targeted projects and the challenges of tracking cross-protocol exploits.

The Truebit hack arrives in the wake of an unprecedented year for cryptocurrency theft. According to data from TRM Labs, crypto-related hacks reached a record high in 2025, with more than $2.72 billion stolen from the ecosystem. The year was set on a grim trajectory in February when North Korean state-linked hackers orchestrated a $1.5 billion theft from the centralized exchange Bybit, which remains the largest crypto exploit recorded to date.

TRM Labs reported that this incident catalyzed a rise in more organized and professional hacking activity across the sector throughout 2025. However, the trend showed signs of easing toward the year’s end. A recent report indicated that losses from such exploits dropped by more than 60% in December 2025 compared to November figures, offering a glimmer of improvement in security postures before the Truebit breach ushered in the new year.

The Truebit Protocol exploit, resulting in a $26.5 million loss and the annihilation of the TRU token’s value, serves as a stark reminder that smart contract security remains the paramount challenge for DeFi. As the industry continues to grapple with sophisticated, repeat attackers and the specter of state-sponsored threats, the incident underscores the critical need for rigorous, continuous auditing and robust response protocols to protect user assets and maintain systemic trust.