Truebit’s native token TRU collapsed after an exploit on January 8, that drained roughly 8,535 ETH — about $26.4–26.6 million — from the protocol’s reserve. The breach exploited a mispriced minting function in a legacy smart contract, triggering rapid buy-and-sell loops that emptied the bonding-curve liquidity and sent the token to near-zero valuation.
Attackers targeted a five-year-old contract with a mispriced mint function that effectively allowed purchases of TRU at near zero cost. They then sold tokens back into the protocol’s bonding-curve reserve, repeatedly extracting Ether until the reserve was drained.
Reporting identified the smart contract address involved as 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2, and noted the attacker paid a small builder bribe to prioritize the transactions and maximize the drain.
The event erased virtually all market value of TRU and raised fresh concerns about the persistence of legacy-code risks in decentralized finance.
Market impact and context
TRU’s price fell from about $0.16 to an all-time low near $0.0000000029, representing a collapse of roughly 99.9% that wiped out almost the entire market capitalization. The loss of 8,535 ETH (roughly $26.4–26.6 million) was reported across multiple outlets and flagged as one of the first major DeFi hacks of 2026.
Beyond immediate losses, the incident highlights how outdated or poorly audited code can remain a vector for large-scale drains. The speed and scale of the extraction — aided by transaction-priority payments — underscore the operational risks protocols face when legacy components remain active on-chain.
Investors and market participants will now watch Truebit’s public disclosures, any on-chain recovery steps, and whether the team commissions external audits or remediation measures; those actions will determine whether value can be stabilized and whether similar legacy-code exposures are addressed across the sector.
