Legacy DeFi platforms lose $27M as hacking spree continues into 2026

A recent spate of hacks has been keeping older decentralized finance (DeFi) platforms squarely in the crosshairs.
During the 2020-2022 DeFi boom, the likes of Ribbon Finance, Rari Capital and Yearn were household names within the sector.
However, contracts from all three projects were hacked in December, leading to speculation that blackhats may be reassessing forgotten code with the help of AI.
The campaign apparently shows no signs of slowing down. A further two projects have now lost $27 million between them, over the course of three incidents.
Truebit: $26M infinite mint
On Thursday, “verification layer” Truebit suffered the year’s first major hack.
The affected contract contained an integer-overflow vulnerability which allowed the hacker to mint a vast quantity of TRU tokens.
These were then burned, the hacker withdrew 8,535 ether (ETH) worth $26 million, and the TRU price plummeted to zero.
The code had been vulnerable since launch, almost five years ago. Given the contract once held almost 44,000 ETH (worth $140 million), the damage could have been far worse.
Afterward, on-chain bots replicated the attack, with one security researcher commenting that “fuzzing bots are eating this up like piranhas.”
Futureswap: double trouble
Earlier today, a second attack hit Futureswap, a seemingly abandoned leverage trading platform on Arbitrum.
As flagged by Decurity, the unverified contract lost just over $400,000, bringing the total extracted from the project to around $1 million in the past month.
Futureswap had previously been hit by a governance attack in December, in which at least $550,000 was estimated to have been lost.
The attacker submitted a malicious proposal before voting for it with tokens temporarily borrowed via a “flash loan.”
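Why temporarily borrowed tokens can carry a vote, and the standard defence, shown as an added illustration that is not taken from Futureswap's contracts. It assumes a hypothetical governor that weighs votes by live balance and compares it with one that weighs them by the balance checkpointed at an earlier block; all names and amounts are constructed.

```python
# Constructed model, not Futureswap's code; all names and amounts are hypothetical.
from bisect import bisect_right
class Token:
    """Toy governance token that checkpoints each holder's balance per block."""
    def __init__(self):
        self.block = 0
        self.history = {}  # holder -> [(block, balance at end of block), ...]

    def balance(self, holder):
        cps = self.history.get(holder, [])
        return cps[-1][1] if cps else 0

    def balance_at(self, holder, block):
        """Balance as of the end of a past block (last checkpoint <= block)."""
        cps = self.history.get(holder, [])
        i = bisect_right([b for b, _ in cps], block)
        return cps[i - 1][1] if i else 0

    def _set(self, holder, amount):
        cps = self.history.setdefault(holder, [])
        if cps and cps[-1][0] == self.block:
            cps[-1] = (self.block, amount)   # same block: overwrite checkpoint
        else:
            cps.append((self.block, amount))

    def mint(self, holder, amount):
        self._set(holder, self.balance(holder) + amount)
    def transfer(self, src, dst, amount):
        if self.balance(src) < amount:
            raise ValueError("insufficient balance")
        self._set(src, self.balance(src) - amount)
        self._set(dst, self.balance(dst) + amount)

def vote_weight(token, voter, snapshot_block=None):
    """Weak: live balance. Hardened: balance checkpointed at a past block."""
    if snapshot_block is None:
        return token.balance(voter)
    return token.balance_at(voter, snapshot_block)

def simulate(use_snapshot):
    token = Token()
    token.mint("pool", 1_000_000)    # lendable liquidity
    token.mint("holder", 50_000)     # long-term holder
    token.block = 10                 # block in which the vote is cast
    snapshot = token.block - 1 if use_snapshot else None
    token.transfer("pool", "borrower", 1_000_000)   # loan opens
    borrowed = vote_weight(token, "borrower", snapshot)
    token.transfer("borrower", "pool", 1_000_000)   # repaid in the same block
    return {"borrower": borrowed, "holder": vote_weight(token, "holder", snapshot)}
```

With live balances the borrowed tokens outweigh the long-term holder 20 to 1; with the checkpoint they count for nothing, because the balance never existed at the end of any earlier block.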
‘It’s going to keep happening’
Pseudonymous ex-Yearn security researcher storming0x, who had previously highlighted the pattern of an attacker “specifically targeting legacy contracts,” again called for DeFi teams to reassess their old code.
They recommend that teams “either deprecate/sunset or reaudit” legacy contracts and “implement preventive actions” to protect users. Users, for their part, should “withdraw from old contracts.”
“It’s going to keep happening,” they warn.
