A smart contract vulnerability has been identified as the root cause of a $26 million exploit at blockchain computation protocol Truebit, exposing ongoing security risks even for long-established crypto projects. The incident allowed an attacker to mint large quantities of TRU tokens at almost zero cost, leading to a 99% crash in the token’s market value.
According to incident analysis the exploit stemmed from a critical integer overflow bug in Truebit’s token purchase contract. The contract was built using Solidity version 0.6.10, which lacked automatic overflow protection. As a result, when certain calculations exceeded the maximum value of uint256, the figures silently wrapped around, reducing the required payment to near zero.
This flaw enabled the attacker to mint millions of dollars’ worth of tokens without supplying ETH, effectively draining the protocol’s reserves. The issue highlights how legacy code and outdated compiler versions can become major attack vectors if not continuously audited.
Truebit has been live on the Ethereum mainnet since April 2021, underscoring that longevity alone does not guarantee security. Industry data shows that smart contract bugs remain the leading cause of crypto exploits, accounting for over 30% of security incidents in 2025.
While phishing and social engineering attacks continue to threaten users, this event reinforces a key lesson: unchecked smart contract logic can still result in catastrophic losses, even years after deployment.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.