
$26 Million Stolen in Truebit Crypto Hack, Sending $TRU Token Value to Zero

An audit report reveals that the Truebit crypto hack was caused by a relatively simple integer overflow vulnerability, one that allowed an attacker to abscond with the equivalent of $26 million from the Truebit Protocol.

The crypto hack drove the $TRU token's value to near zero, and the token has seen almost no trading activity since the attack. The threat actor was able to abuse a faulty addition operation in the purchase contract, one whose result silently wrapped around instead of reverting; the bug would have been avoided had the SafeMath library been used.

Crypto hack set token purchase price to zero

The hacker was able to abuse this oversight to set the purchase price of the token to zero, acquiring tokens at almost no cost and then selling them back to the contract, quickly picking up about $26.44 million (8,535 ETH) in ether. The key to the crypto hack was the contract's use of an older version of the Solidity smart contract programming language (0.6.1), which does not check arithmetic for overflow. Solidity's documentation notes that version 0.8 and later check arithmetic by default, eliminating this class of bug, and that contracts on the older version could have been shored up by routing arithmetic through the SafeMath library for overflow protection.
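To make the failure mode concrete, the following is an added example written for this page, not code from Truebit or its auditors. It models the EVM's 256-bit unsigned arithmetic in Python and contrasts the pre-0.8 Solidity behaviour (silent wraparound) with SafeMath-style checked addition (which reverts, as Solidity 0.8 and later do by default). The pricing formula `base_price + adjustment`, the function names, and the sample price are assumptions for illustration; the real contract's formula is not reproduced here.

```python
"""Model of 256-bit EVM arithmetic: unchecked vs. checked addition.

Added example for this page (not Truebit's code). The pricing formula
`base_price + adjustment` is assumed for illustration only.
"""
from typing import Optional

UINT256_MAX = (1 << 256) - 1


class Revert(Exception):
    """Stands in for an EVM revert: SafeMath's 'addition overflow' error,
    or the Panic(0x11) that Solidity >= 0.8 raises on checked overflow."""


def unchecked_add(a: int, b: int) -> int:
    """Solidity < 0.8 semantics: the sum silently wraps modulo 2**256."""
    return (a + b) & UINT256_MAX


def checked_add(a: int, b: int) -> int:
    """SafeMath.add / Solidity >= 0.8 semantics: revert instead of wrapping."""
    total = a + b
    if total > UINT256_MAX:
        raise Revert("SafeMath: addition overflow")
    return total


def purchase_price(base_price: int, adjustment: int, add=unchecked_add) -> int:
    """Hypothetical quote: base_price plus an adjustment the caller can
    influence. `add` selects which arithmetic semantics are in force."""
    if not (0 <= base_price <= UINT256_MAX and 0 <= adjustment <= UINT256_MAX):
        raise ValueError("operands must fit in uint256")
    return add(base_price, adjustment)


def wrapping_adjustment(base_price: int) -> int:
    """The operand an attacker would choose: 2**256 - base_price, which is
    itself a valid uint256 (for base_price >= 1) and makes the unchecked
    sum land exactly on zero."""
    return (1 << 256) - base_price


def attempt_free_purchase(base_price: int, add=unchecked_add) -> Optional[int]:
    """Quote a purchase with the wrapping adjustment under the given
    arithmetic. Returns the price, or None if the contract would revert."""
    try:
        return purchase_price(base_price, wrapping_adjustment(base_price), add)
    except Revert:
        return None


if __name__ == "__main__":
    price = 10**18  # constructed sample: 1 ETH in wei
    # Pre-0.8 contract without SafeMath: the quote wraps to 0.
    print("unchecked price:", attempt_free_purchase(price, unchecked_add))  # 0
    # SafeMath or Solidity >= 0.8: the same call reverts, so no free tokens.
    print("checked price:  ", attempt_free_purchase(price, checked_add))    # None
```

The same wrap is reachable in Solidity 0.8 code only inside an explicit `unchecked { ... }` block, which is why reviewers should treat every such block, and every contract still pinned to a pre-0.8 compiler, as a place where the operands' ranges must be argued for rather than assumed.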

Truebit has since publicly acknowledged the crypto hack, which drove the $TRU token to a near-zero value, and has warned the public away from interacting with the tainted smart contract. The attacker immediately moved at least half of the purloined funds to Tornado Cash, and those funds are expected to be unrecoverable at this point. The token price dropped immediately to $0.07 when news of the crypto hack broke, and as of this writing it has fallen further to about $0.01 with extremely little trading activity.

Between this lack of activity and community comments broadly indicating belief that the protocol is now permanently compromised, the writing may be on the wall for the embattled project. The Truebit team remains in damage control mode, however, pointing to the fact that it was a legacy contract created some five years ago that opened the door to the crypto hack.

Outdated five-year-old smart contract made crypto hack possible

The crypto hack highlights the risks of lingering outdated deployments and of pricing logic that should have been deprecated. Regular audits, appropriate monitoring and timely migration to newer and more secure contracts can prevent this outcome. Better monitoring likely would have thwarted the attackers in this particular case: after-the-fact security research has determined that the crypto hack was rehearsed several months in advance with several small transactions, in the single-digit thousands of dollars, exploiting the same flaw.

Despite optimism from its management, if history is any indication the project is very unlikely to recover from this type of exploit. The vast majority of projects hit in this way never recover their full value as users pull out and liquidity shrivels. A suspect has yet to be named, but in these cases suspicion generally turns first to North Korea's state-sponsored hacking teams. Those groups closed out 2025 with another $2.02 billion in stolen crypto, most of it from the $1.5 billion theft from Bybit in February. That brought their lifetime total for crypto hacks to $6.75 billion, but the FBI has opened 2026 with a warning that these groups are now shifting tactics and may be turning their focus to stealing valuable espionage information from governments, think tanks and academia. The groups are showing a new focus on sending victims QR codes that lead to a fake login portal, choosing their spearphishing targets carefully and impersonating trusted sources.

Nick Tausek, Lead Security Automation Architect at Swimlane, warns that these attacks can lead to damage beyond just loss of crypto tokens: “The landscape of cryptocurrency cybercrime has changed. What was once mainly made up of scattered, disconnected, and disjointed operations has transformed into infrastructures of massive scale, as groups like North Korea’s Lazarus are able to conduct precisely-executed operations and have stolen millions of dollars in cryptocurrency. With stolen sums increasing year over year, it’s clear that threat actors have found a new favorite get-rich-quick scheme and are investing significant resources to increase the scope, efficiency, and profitability of these attacks. The impact of financial loss doesn’t need to be explained. However, these attacks can also put victims in cyclical danger, as breaches often result in theft of personal data, which can then be used to conduct long-term exploitation campaigns, as well as increase the chances of identity theft or fraud. Over an extended period of time, financial sectors run a much higher risk of loss in customer confidence due to continued attacks, which can damage organizational reputation or potentially lead to organizational failure.”

The Truebit exploit is one of two major breaches in the crypto world that have already taken place in the opening days of 2026, though it is the first to involve a known substantial sum of money. Fintech investment platform Betterment confirmed a breach that took place on January 9, but thus far the incident is thought to have only exposed customer contact information and birth dates and has not involved investment funds or login credentials. The attackers used the stolen info to attempt a cryptocurrency scam, sending a fake investment offer to victims soliciting a $10,000 investment in Bitcoin or Ethereum and promising to triple their funds.

In total, crypto hacks and theft caused cumulative losses of about $3.4 billion in 2025, though there was a small decrease in the total amount stolen from individual wallets. After a big surge between 2020 and 2022, crypto hacks experienced a bit of a lull in 2023 before beginning to climb again starting in 2024.