Liquidity Evaporates in Minutes
The native token of the Truebit Protocol (TRU) has effectively gone to zero, shedding over 99% of its value in early trading Thursday after security firm Cyvers flagged a massive unauthorized withdrawal. An attacker drained approximately 8,535 ETH, worth roughly $26.4 million at current prices, from the protocol’s "Purchase" contract in a single transaction.
The Exploit Vector
According to on-chain data, the breach targeted a vulnerability within the Truebit smart contract infrastructure. The attacker executed a transaction that interacted with the Truebit Protocol: Purchase contract, bypassing verification checks to siphon the entirety of the contract’s ETH holdings.
"Our system has detected a suspicious transaction with an estimated loss of $26M. An address received around 8,535 ETH…". Cyvers Alerts
Following the theft, the perpetrator immediately began laundering the funds. On-chain tracking shows nearly 50% of the stolen Ethereum has already been routed through Tornado Cash, the sanctioned privacy mixer, complicating recovery efforts.
Market Impact & Ticker Confusion
The market reaction was instantaneous. Truebit’s token liquidity on decentralized exchanges (DEXs) was wiped out, sending the price to $0.00008.
Note on Ticker Symbols: Traders should distinguish this asset from TrueFi (TRU), a separate uncollateralized lending protocol. While both projects utilize the "TRU" ticker on various platforms, TrueFi remains unaffected by this exploit, though its token price has seen volatility due to the name collision.
Silence from the Team
As of press time, the Truebit Protocol team has not issued an official statement, paused contracts, or provided post-mortem details on their official channels. The silence has exacerbated panic among holders, leaving the community to rely solely on third-party security firms for updates.
