$26M Truebit Hack Was Smart Contract Exploit: Analysis
Summary
The Truebit protocol suffered a $26 million exploit due to a flaw in its smart contract logic, causing the Truebit (TRU) token value to crash by 99%. Blockchain security firm SlowMist's post-mortem analysis revealed the attacker exploited a lack of overflow protection in an integer addition operation within the Purchase contract. This error caused the calculation for the required ETH to mint tokens to wrap around to near zero, allowing the attacker to mint massive amounts of TRU tokens at almost no cost. The vulnerability stemmed from the contract being compiled with Solidity 0.6.10, which lacked built-in overflow checks for uint256 operations. The incident underscores persistent security risks in established blockchain projects, as Truebit launched in 2021. Furthermore, the analysis noted that smart contract vulnerabilities were the largest attack vector in 2025, while crypto phishing scams, though costly, saw a decrease in total stolen funds compared to 2024.
(Source: Cointelegraph)
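
The wraparound described in the summary can be modelled with uint256 arithmetic. This is an added example, not code from Truebit, SlowMist or Cointelegraph. The price formula, operand values and function names are hypothetical and constructed for illustration; only the modulo 2**256 behaviour of unchecked addition in Solidity before 0.8 and the checked behaviour of SafeMath-style addition are taken as given.

```python
UINT256_MAX = 2**256 - 1


class Revert(Exception):
    """Models an EVM revert raised by a checked arithmetic operation."""


def unchecked_add(a: int, b: int) -> int:
    # Solidity < 0.8 semantics: uint256 addition silently wraps modulo 2**256.
    return (a + b) & UINT256_MAX


def checked_add(a: int, b: int) -> int:
    # SafeMath-style (and Solidity >= 0.8) semantics: revert instead of wrapping.
    c = (a + b) & UINT256_MAX
    if c < a:  # the sum can only be smaller than an operand if it wrapped
        raise Revert("addition overflow")
    return c


def eth_required(term_a: int, term_b: int, divisor: int, add) -> int:
    # Hypothetical mint-price formula (an assumption, NOT the Purchase
    # contract's real one): cost = (term_a + term_b) / divisor.
    return add(term_a, term_b) // divisor


# Constructed operands whose true sum is just above 2**256.
TERM_A = 2**255 + 5
TERM_B = 2**255 + 10**18
DIVISOR = 10**18


def demo():
    """Return (cost with unchecked add, whether the checked add reverted)."""
    wrapped_cost = eth_required(TERM_A, TERM_B, DIVISOR, unchecked_add)
    try:
        eth_required(TERM_A, TERM_B, DIVISOR, checked_add)
        reverted = False
    except Revert:
        reverted = True
    return wrapped_cost, reverted


if __name__ == "__main__":
    cost, reverted = demo()
    print("unchecked cost:", cost)          # wraps to a tiny value
    print("checked add reverted:", reverted)
```

With the unchecked addition the computed cost collapses to 1 unit although the true sum is on the order of 2**256; the checked addition rejects the same inputs.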