Truebit is attacked, TRU token plummets by 99.9%, hacker operation steps analysis

Truebit is an Ethereum-based auxiliary protocol that helps smart contracts efficiently handle complex tasks, with the native token being TRU.

The attack resulted in a loss of approximately 8,535 ETH, worth about $26.6 million.

The attacker exploited a vulnerability in an old smart contract deployed five years ago within the Truebit protocol.

This contract had a logical error: when requesting to mint a large amount of TRU tokens, the calculated purchase price becomes abnormally low, even approaching zero.

The attacker's operation steps are roughly as follows:

1. The attacker calls the contract's purchase/mint function to mint a massive amount of TRU tokens at a very low ETH cost.

2. The protocol uses a pricing curve to manage TRU buy and sell prices. The attacker sells the freshly minted TRU tokens back to the contract.

3. Repeated buy-sell cycle: by repeatedly executing "buy (mint) at low price → sell at high price," the attacker continuously extracts funds from the contract's ETH reserves until approximately 8,535 ETH (worth about $26.6 million) is drained.

This vulnerability is essentially a pricing overflow or boundary condition error, causing price calculation failure during large-scale minting. The incident involves at least two attackers, with the main attacker profiting about $26 million. The Truebit team has confirmed the incident and paused related contract interactions.

#TruebitHack #TRU #CryptoHack #DeFiExploit #Ethereum