Truebit Token Crashes 99.9% After 'Archaeological' Exploit Drains Treasury

The attack resulted in the theft of 8,535.36 ETH. This sum was valued at roughly $26.4mn at the time of the transfer. The exploit triggered a hyperinflationary event that crashed the price of the native TRU token by 99.9%.

The vulnerability existed within a legacy smart contract deployed five years ago. CertiK Alert identified a "minting pricing error" in the contract, which had gone unnoticed since the early days of the protocol. 

The attacker discovered this "archaeological" bug and used it to mint a massive quantity of TRU tokens at near-zero cost before dumping them into liquidity pools.

The aftermath

The market impact was immediate. The TRU token price collapsed from $0.16 to $0.000077 in minutes as the hacker liquidated their position.

Uniswap data shows the sell-off generated a record spike in fees for the decentralized exchange. Daily fee revenue hit $1.4mn driven largely by the frenzied arbitrage activity surrounding the crash.

Independent researcher Weilin Li noted that two separate attackers were involved. One profited approximately $26mn while a second copycat attacker gained roughly $250,000.

Code is law

Truebit confirmed the breach in a statement on X.

"Today we became aware of a security incident involving one or more malicious actors," the team wrote. "We are in contact with law enforcement and taking all available measures to address the situation."

For the DeFi sector, it is a brutal reminder that "code is law" has no statute of limitations. A bug deployed half a decade ago can still destroy a protocol today. 

The incident mirrors the November exploit of Balancer, which also targeted a rounding error in a legacy stable pool contract.