Home
News
Details

Truebit Hit by $26M Exploit as Hackers Target Older DeFi Protocols

iconDL News
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
ETH
$2,059.250.62%
This is the logo of the coin.
TRU
$0.004450.67%
This is the logo of the coin.
ETH
$2,059.250.62%
AI summary iconSummary

expand icon
DeFi exploit news broke on January 9, 2026, as Truebit lost $26 million after a hacker exploited a code flaw to steal 8,535 ETH. A second attack drained $300,000 in TRU tokens. The vulnerable contract, deployed in 2021, had no public audit history. Truebit confirmed the incident on X and is working with authorities. On-chain news shows a pattern of attacks on older DeFi protocols, including Balancer, Yearn Finance v1, Rari Capital, and Ribbon Finance. The exploit used an integer overflow vulnerability, a known math flaw in smart contracts.

Truebit, an Ethereum-based verification protocol, has been left reeling after a hacker stole $26 million from the protocol’s reserves. The hacker targeted a bug in the protocol’s code, tricking it into giving away 8,535 Ether tokens at around 4pm London time on Thursday. Shortly after, the protocol was exploited again, with a cybercriminal stealing just under $300,000 worth of the protocol’s TRU token. The impacted smart contract was deployed in 2021, and there is no public record that it had undergone a third-party audit. Truebit has since acknowledged the exploits in an X post. “We are in contact with law enforcement and taking all available measures to address the situation,” the protocol said. The incident comes after cybercriminals stole over $2.5 billion in raids against crypto projects in 2025, DefiLlama data shows. Attacks against older protocols The Truebit attack also highlights a growing trend of hackers targeting smart contracts at older DeFi protocols, Weilin Li, a DeFi security researcher and PhD student at University College London, said in an X post discussing the exploit. In November, a hacker stole $128 million from DeFi liquidity protocol Balancer. The exploited smart contract had been live on Ethereum since 2021 and had undergone multiple audits. Other older DeFi protocols to suffer exploits in recent months include, Yearn Finance’s v1 vaults and Rari Capital, both launched in 2020, and Ribbon Finance, launched 2021. Smart contracts at these protocols were written at a time when fewer developers were aware of critical code vulnerabilities that are now more widely known. Many older DeFi protocols are not actively maintained but still hold significant amounts of crypto, making them prime targets for hackers. Some DeFi developers say the trend can be attributed to hackers using artificial intelligence to find and exploit protocols. Maths problem The Truebit exploit was the result of an attack vector known among security experts as integer overflow — in other words, a maths problem. When a smart contract needs to calculate something, a code error can cause it to produce a number bigger than the maximum limit it can store. This causes the value to wrap around to an unexpectedly small or negative number, which attackers can leverage to bypass security checks, manipulate balances, and steal funds. Integer overflow exploits are not a new phenomenon. Multiple DeFi protocols have fallen victim to them over the years. The prevalence of the issue means those developing and auditing new smart contracts now rigorously check for integer overflows and similar math problems. Still, sometimes such bugs slip through the cracks. In July, Cetus, a decentralised exchange on the Sui blockchain, fell victim to an integer overflow exploit. The bug allowed a hacker to trick the protocol into thinking they had more funds than they did, ultimately leading to the theft of some $220 million worth of crypto. Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at tim@dlnews.com.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.