Thursday, January 15, 2026

$26M Truebit Hack Was Smart Contract Exploit: Analysis

The $26 million exploit of the offline computation protocol Truebit stemmed from a smart contract flaw that allowed an attacker to mint tokens at near-zero cost, highlighting persistent security risks even in long-running blockchain projects.

Truebit suffered a $26 million exploit that resulted in a 99% crash for the Truebit (TRU) token, Cointelegraph reported on Friday.

The attacker abused a loophole in the protocol’s smart contract logic, which enabled them to mint “large quantities of tokens without paying any ETH,” according to blockchain security firm SlowMist, which published a post-mortem analysis on Tuesday.

“As a result of an absence of overflow safety in an integer addition operation, the Buy contract of Truebit Protocol produced an incorrect outcome when calculating the quantity of ETH required to mint TRU tokens,” SlowMist said.

The smart contract’s price calculations were then “erroneously diminished to zero,” enabling the attacker to drain the contract’s reserves by minting $26 million worth of tokens “at almost no price,” the post-mortem states.

Because the contract was compiled with Solidity 0.6.10, an older version that did not include built-in overflow checks, calculations exceeding the maximum value of “uint256” resulted in a “silent overflow,” causing the result to “wrap round a small worth close to zero.”

Truebit exploit post-mortem analysis. Source: SlowMist
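
The silent wrap-around described above, modeled in Python as an added example (not code from SlowMist, Truebit or the original article). The pricing formula, `mint_cost` and the input values are constructed assumptions, chosen only to show how an unchecked uint256 addition collapses a large cost while a checked addition reverts.

```python
# Added illustration: models uint256 addition as Solidity < 0.8 performs it
# (silent wrap) versus a checked add (SafeMath-style / Solidity >= 0.8).
UINT256_MAX = 2**256 - 1


class Overflow(ArithmeticError):
    """Stands in for the revert a checked addition would trigger."""


def add_wrapping(a: int, b: int) -> int:
    # Unchecked uint256 add: the result is reduced modulo 2**256, no error.
    return (a + b) & UINT256_MAX


def add_checked(a: int, b: int) -> int:
    # Checked add: abort the call instead of returning a wrapped value.
    total = a + b
    if total > UINT256_MAX:
        raise Overflow("uint256 addition overflow")
    return total


def mint_cost(term_a: int, term_b: int, divisor: int, add) -> int:
    # Hypothetical pricing formula (an assumption, NOT Truebit's code):
    # ETH owed = (term_a + term_b) / divisor, using integer division.
    return add(term_a, term_b) // divisor


def compare(term_a: int, term_b: int, divisor: int) -> dict:
    """Price the same mint with both addition semantics."""
    exact = (term_a + term_b) // divisor  # unbounded-integer reference
    wrapped = mint_cost(term_a, term_b, divisor, add_wrapping)
    try:
        checked = mint_cost(term_a, term_b, divisor, add_checked)
    except Overflow:
        checked = None  # the transaction would revert; nothing is minted
    return {"exact": exact, "wrapped": wrapped, "checked": checked}


WEI = 10**18
# Constructed inputs: an ordinary purchase, then operands whose true sum
# is 2**256 + WEI, which does not fit in a uint256.
NORMAL = compare(3 * WEI, 2 * WEI, WEI)
OVERFLOWING = compare(2**255, 2**255 + WEI, WEI)

if __name__ == "__main__":
    print("normal     :", NORMAL)
    print("overflowing:", OVERFLOWING)
```

With the checked addition the overflowing call aborts instead of returning a cost, which is the behavior Solidity 0.8 and later apply by default and that SafeMath-style libraries provide for older compilers.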

The exploit shows that even the more established protocols are threatened by hackers. Truebit was launched on the Ethereum mainnet nearly five years ago, in April 2021.

Smart contract security attracted interest at the end of last year, when an Anthropic study revealed that commercially available artificial intelligence (AI) agents had found $4.6 million worth of smart contract exploits.

Anthropic’s Claude Opus 4.5, Claude Sonnet 4.5 and OpenAI’s GPT-5 collectively developed exploits worth $4.6 million when tested on smart contracts, according to a research paper released by the AI company’s red team, which is dedicated to finding code vulnerabilities before malicious actors do.

Chart of AI exploit revenue from simulations. Source: Anthropic

Smart contract bugs biggest attack vector of 2025

Smart contract vulnerabilities were the biggest attack vector for the cryptocurrency industry in 2025, with 56 cybersecurity incidents, while account compromises ranked second with 50 incidents, according to SlowMist’s year-end report.

Contract vulnerabilities accounted for 30.5% of all crypto exploits in 2025, while hacked X accounts accounted for 24% and private key leaks ranked third with 8.5%.

Distribution of causes of security incidents in 2025. Source: SlowMist

Meanwhile, other hackers are switching strategies from protocol hacks to exploiting weak links in onchain human behavior.

Crypto phishing scams emerged as the second-largest threat of 2025, costing crypto investors a cumulative $722 million across 248 incidents, according to blockchain security platform CertiK.

Crypto phishing attacks are social engineering schemes that don’t require hacking code. Instead, attackers share fraudulent links to steal victims’ sensitive information, such as the private keys to crypto wallets.

However, investors are becoming wiser to this threat, as the $722 million is 38% less than the $1 billion stolen by phishing scams in 2024.