- An attacker exploited a smart-contract bug to mint about $26 million worth of TRU tokens at almost no cost.
- The flaw stemmed from integer overflow in the Purchase contract, which reduced price calculations to near zero.
- The contract used Solidity 0.6.10, which lacked built-in overflow checks, causing silent wraparound on uint256 overflow.
- Security firm SlowMist published a detailed post-mortem of the incident.
- Industry data show smart-contract bugs were the top attack vector in 2025, while phishing and account compromises remained major threats.
An attacker exploited a smart-contract logic error in the offline computation protocol Truebit, minting roughly $26 million in TRU tokens at almost no cost and triggering a crash of about 99% in the TRU price. The incident occurred on the protocol’s deployed contracts, and the vulnerability let the attacker drain contract reserves by creating large token amounts without paying the required ETH.
Security firm SlowMist published a detailed analysis explaining the root cause. “Due to a lack of overflow protection in an integer addition operation, the Purchase contract of Truebit Protocol produced an incorrect result when calculating the amount of ETH required to mint TRU tokens,” the report said. That error caused price calculations to be “erroneously reduced to zero,” enabling near-free minting.
The contract was compiled with Solidity 0.6.10, a version that did not include built-in overflow checks. Calculations that exceeded the maximum uint256 value triggered a “silent overflow” and could “wrap around a small value near zero.” The exploit leveraged this wraparound to subvert the purchase logic.
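The wraparound described above can be reproduced with a small model of 256-bit addition. This is an added example, not code from Truebit or from SlowMist's report: the pricing formula `eth_required`, the operand values and the helper names are all constructed for illustration.

```python
# Added example: a model of EVM uint256 addition. The pricing formula and all
# input values are constructed for illustration; they are not Truebit's code.
import re

UINT256_MAX = 2**256 - 1


def add_wrapping(a: int, b: int) -> int:
    """`a + b` as compiled by Solidity before 0.8.0: silently reduced mod 2**256."""
    return (a + b) & UINT256_MAX


def add_checked(a: int, b: int) -> int:
    """`a + b` with an overflow check (Solidity 0.8.0+ default, or SafeMath-style)."""
    total = a + b
    if total > UINT256_MAX:
        raise OverflowError("uint256 addition overflow: transaction reverts")
    return total


def eth_required(term_a: int, term_b: int, divisor: int, add) -> int:
    """Hypothetical price: (term_a + term_b) / divisor, using the given adder."""
    return add(term_a, term_b) // divisor


def lacks_builtin_checks(pragma_line: str) -> bool:
    """True if the lowest version named in a pragma line is below 0.8.0."""
    versions = re.findall(r"(\d+)\.(\d+)\.(\d+)", pragma_line)
    if not versions:
        raise ValueError("no version found in pragma")
    lowest = min(tuple(int(p) for p in v) for v in versions)
    return lowest < (0, 8, 0)


if __name__ == "__main__":
    # Constructed operands whose true sum is 2**256 + 5000.
    term_a, term_b, divisor = 2**255 + 5000, 2**255, 1000
    print("true sum // divisor:", (term_a + term_b) // divisor)
    print("wrapping result    :", eth_required(term_a, term_b, divisor, add_wrapping))
    try:
        eth_required(term_a, term_b, divisor, add_checked)
    except OverflowError as exc:
        print("checked result     :", exc)
    print("0.6.10 unchecked?  :", lacks_builtin_checks("pragma solidity 0.6.10;"))
```

With the wrapping adder the quoted price collapses to a single-digit value, while the checked adder rejects the same inputs, which is the behaviour a compiler upgrade or a checked-math library restores.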
The incident highlights ongoing risks in established projects; Truebit launched on the Ethereum mainnet in April 2021. Separately, AI agents have demonstrated the ability to find smart-contract flaws: a research paper reported AI-discovered exploits valued at $4.6 million during testing.
Broader industry data from SlowMist’s 2025 report show smart-contract vulnerabilities were the largest attack vector that year, with 56 incidents and 30.5% of exploits. Account compromises numbered 50 incidents (24%), and private key leaks accounted for 8.5%. Phishing remained costly: security firm CertiK recorded $722 million stolen across 248 phishing incidents in 2025, down 38% from about $1 billion the prior year.
