After a Truebit Protocol exploit, the TRU token completely collapses

A Truebit Protocol exploit has wiped out nearly $26 million in ETH, causing the TRU token to crash almost 100%. Here’s what happened, why it matters, and what users should know.

Following the confirmation of a security incident involving an Ethereum smart contract by the computation verification protocol, the TRU token of the Truebit Protocol fell to almost zero.

After a Truebit Protocol exploit, the TRU token completely collapses.

The hack depleted nearly 8,535 ETH, or almost $26 million at current pricing. The native TRU coin fell by almost 100% as blockchain security companies hurried to raise the alarm.

Although the “security incident involving malicious actors” was confirmed by Truebit's team, there are still few facts available regarding the remedy. 

Users have been cautioned by the protocol not to engage with the impacted contract until further notice. Truebit promises to provide information via official channels as they become available while collaborating with law enforcement and taking all necessary steps to limit the issue.

Truebit is an early Ethereum system that uses the TRU token to enable on-chain verification of intricate off-chain calculations. Although it never gained widespread acceptance, its architecture influenced subsequent scaling methods.

Experts Indicate Failure in Pricing

The $26 million Truebit hack, according to blockchain security experts, was brought about by a serious weakness in the pricing logic of an antiquated “Purchase” smart contract that was implemented over five years ago without checked source code. 

Because to the vulnerability, attackers could manipulate the minting algorithm with incredibly huge inputs, bringing the computed price of TRU tokens very near to $0.

The protocol's ETH reserves were eventually depleted as a result of their ability to mint enormous amounts for free or pennies and continually sell them back through the bonding curve. 8,535 ETH were stolen as a result of the hack.

The pilfered ETH was swiftly transferred to a minimum of two addresses. Later, a portion of the money was sent via Tornado Cash, a privacy mixer that is frequently used to hide transaction histories. Whether any user-held assets outside of the protocol's reserves were impacted is still unknown.

TRU liquidity is destroyed by market reaction.

The market's response was swift and harsh. TRU lost all of its liquidity and left many holders stranded as it fell more than 99%, from about $0.16 to a fraction of a cent in a matter of hours.

The TRU token has somewhat recovered after more than six hours, and as of this writing, it is currently trading at about $0.03.

Why It's Important

The hack draws attention to a constant concern in cryptography: hidden weaknesses can exist in even well-established systems. Because of its age, Truebit was vulnerable due to its out-of-date code, unverified source, and poor maintenance.