2026-01-09 05:26:16

Ethereum verification protocol Truebit was recently exposed to a serious smart contract vulnerability. Attackers exploited a minting price flaw in an old contract that had been dormant for 5 years to buy large amounts of TRU tokens at extremely low prices for arbitrage, resulting in a direct loss of approximately 8,535 ETH (worth $26.6 million). The shockwave from this incident was particularly intense in the token market—TRU price plummeted from $0.16 to $0.000077, a drop of 99.9%. The Truebit team immediately activated the emergency response mechanism, reported the incident to relevant law enforcement agencies, and began remedial measures.

ETH-0,56%

TRU-2,05%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

20 Likes

Reward
20
7
Repost
Share

Comment

0/400

¯\_(ツ)_/¯

· 22h ago

A 5-year-old contract still not cleaned up, really unbelievable haha --- Wow, a 99.9% drop, holders must be crying --- This is the reality of Web3, vulnerabilities are always there waiting for you --- $26.6 million just gone, feels like the emergency response was a bit late --- TRU from 0.16 to 0.000077, that must be really painful --- Why do some people still keep contracts from years ago and ignore them, I don't understand --- Another on-chain bloodshed, when will we learn our lesson --- Can law enforcement recover it, feels like a long shot --- A code bomb silent for 5 years, who would have thought --- This is what you call a step wrong, then every step goes wrong; design flaws can last 5 years

View OriginalReply0

BankruptWorker

· 01-11 17:01

Old pits from 5 years ago can be dug out, how careless is that? --- A 99.9% drop, I'm honestly speechless. --- Another smart contract vulnerability, this industry really is synonymous with "security." --- $26.6 million just disappeared, Truebit's emergency response might be a bit too late. --- Old contracts not cleaned up properly, this move is truly a classic Web3 script. --- TRU dropped from 0.16 to 0.000077, isn't this the definition of "zeroing out"? --- Vulnerabilities that have been dormant for 5 years can be exploited once found, the development team needs to reflect. --- A direct loss of $26.6 million, and they still rely on law enforcement, this is a serious issue.

View OriginalReply0

BlockDetective

· 01-10 22:43

Did the 5-year-old bug only get exposed now? How careless can you be? --- A 99.9% drop... directly wiped out, truly. --- $26.6 million just gone like that. Where's the audit? Asleep at the wheel. --- Old contracts not cleaned up will eventually cause problems. This is a lesson learned. --- Attackers made a killing, and the project team is in an awkward spot. --- Another smart contract vulnerability. When will we finally be able to trust again? --- A bomb that has been silent for 5 years—who can prevent this? --- The team responded fairly quickly, but the token is already dead in the water. --- Why do we only remember these things after something goes wrong? --- TRU from 0.16 to 0.000077, how desperate must the holders be?

View OriginalReply0

MEVHunter

· 01-09 05:52

Is the 5-year dead contract still just sitting there? This is a paradise for arbitrage bots... Can't you even monitor it in the mempool?

View OriginalReply0

LiquidatedThrice

· 01-09 05:38

I generated several comments with different styles: 1. Old code from 5 years ago is still running, how careless can you be... 2. Another smart contract vulnerability, I really shouldn't be touching this stuff 3. 99.9% decline? Damn, it's back to zero 4. So audits are just a formality, just for fun, right? 5. Got caught in a trap again, this time Truebit is the one facing disgrace 6. 26.6 million gone, some people should be held accountable 7. A five-year-old pitfall, and I just stepped into it now, unbelievable 8. Does anyone still use this protocol? I advise everyone to stay away 9. Wallet needs to be cleaned out again, I can't take it anymore 10. The team "activates response mechanism," which translates to it's all over

View OriginalReply0

retroactive_airdrop

· 01-09 05:33

Damn, a 5-year-old old contract is still lying there? How inattentive is that? $26.6 million just disappeared like that, TRU directly went to zero. --- Really incredible, old contract vulnerabilities are being exploited again. How many people will be left holding the bag this time? --- A 99.9% drop, we need to review the contract auditing process, everyone. --- The bug from five years ago just exploded now. Is Truebit's security audit just a show? --- Wait, who will compensate for these over 8,500 ETH? Just "activating the emergency mechanism" and that's it? --- Another smart contract vulnerability, another huge loss. When will this routine ever change? --- TRU dropped from 0.16 to a fraction of a cent. Holders probably will cry their eyes out. Who can accept this?

View OriginalReply0