Truebit Protocol Drained of $26M; TRU Token Collapses 99%
Truebit Protocol suffers a $26 million exploit via its Purchase contract, sending the TRU token down 99% to near-zero as funds move to Tornado Cash.
Verification Layer Fails Verification
Truebit Protocol, a platform designed to verify complex off-chain computations, has suffered a catastrophic security breach resulting in the loss of approximately 8,535 ETH ($26.6 million). The incident, first detected by blockchain security firm Cyvers, triggered an immediate market capitulation for the protocol’s native token (TRU), which shed nearly all its value within hours.
The exploit originated from a contract labeled “Truebit Protocol: Purchase,” where funds were siphoned in a single transaction that security monitors described as “inconsistent with typical transaction flows.” Following the breach, the attacker began funneling proceeds through Tornado Cash, a common tactic to obscure the money trail.
“Our system has detected a suspicious transaction with an estimated loss of 26M! An address got around 8,535 ETH from ‘Truebit Protocol: Purchase’,” Cyvers Alerts
Market Impact & Response
The market reaction was instantaneous and violent. The Truebit token (TRU), distinct from the DeFi lending protocol TrueFi, plummeted over 99%, falling from roughly $0.16 to $0.0000000029. Liquidity on decentralized exchanges evaporated, effectively trapping remaining holders.
In a statement cited in reports, Truebit Protocol acknowledged the incident, confirming they are “taking all available measures” and have established contact with law enforcement. The team has not yet released a technical post-mortem detailing the specific vulnerability in the Purchase contract.
This incident marks the first major protocol drain of the week, highlighting a persistent vulnerability in legacy Ethereum infrastructure layers. Analysts are currently monitoring the exploiter’s address for further movement of the stolen ETH.
