Truebit Suffers $26.5M Loss in First Major DeFi Hack of 2026

The exploit leveraged a flaw in Truebit’s pricing logic, letting the attacker mint unlimited TRU tokens and drain ETH reserves.

Truebit Protocol has suffered a major security breach resulting in the loss of approximately $26.5 million in ETH.

The incident has also triggered a collapse in the value of its native token, TRU, which plummeted by nearly 100% within hours.

Smart Contract Breach

Blockchain security firm PeckshieldAlert flagged the incident via X, stating that Truebit had fallen victim to an exploit that drained over 8,500 ETH, worth approximately $26.5 million, from one of its smart contracts.

On-chain data shows that the attacker took advantage of a vulnerability in the smart contract’s pricing logic, which allowed them to mint TRU tokens at no cost. The hacker then repeatedly minted and sold the tokens back into the protocol’s bonding curve, draining its ETH reserves through a rapid buy-sell cycle. The stolen funds have since been transferred to two addresses, 0x2735…cE850a and 0xD12f…031a6.

The exploit had an immediate impact on the TRU token, causing its value to drop almost 100% within hours and leaving it worthless on most exchanges.

At the time of writing, the DeFi platform has confirmed that it is aware of the security threat while also advising users to avoid interacting with the affected smart contract. The team has not yet released a full post-mortem, but stated that it is in contact with law enforcement and is taking all necessary measures to address the issue.

Truebit Breach Linked to Sparkle Attack

Interestingly, PeckShield has identified the Truebit hacker as the same individual responsible for the Sparkle attack that occurred nearly two weeks ago. In that episode, the culprit similarly exploited a flaw in the project’s smart contract to mint tokens at an artificially reduced cost, which was then swapped for approximately 5 ETH. The stolen funds were later routed through Tornado Cash, a privacy protocol commonly used to hide transaction trails.

You may also like:

Overall, crypto-related hacks reached a record high in 2025, with more than $2.72 billion stolen, according to TRM Labs. The year began on a rough note in February, when North Korean hackers stole $1.5 billion from centralized exchange Bybit, the largest crypto exploit recorded to date.

That incident set the pace for the rest of the year, as TRM Labs reported a rise in more organized and professional hacking activity across the sector. However, the trend eased toward the end of the year, with a recent report showing that such losses dropped by more than 60% in December compared to figures recorded in November.