A bug in a <button class="define-target" id="smart-contract">smart contract</button> belonging to the Ethereum-based Truebit project allowed an attacker to steal 8,535&nbsp;ETH (~$26.4&nbsp;million). The thief targeted one of the project's older contracts — deployed in 2021 — which contained a bug in which the price calculation to <button class="define-target" id="mint">mint</button> sufficiently large quantities of the protocol's TRU token would <a href="https://en.wikipedia.org/wiki/Integer_overflow" target="_blank">overflow</a>, erroneously allowing people to mint large amounts of TRU for next to nothing. The exploiter took advantage of this by minting TRU and swapping it for ETH, ultimately causing the TRU token price to crash 99.9%. Another subsequent attack saw around $300,000 more drained from the project.<p>Truebit acknowledged the hack and urged users not to interact with the vulnerable smart contract.</p>

"Truebit token crashes 99.9% after hacker drains $26.6 million in ether"

"Truebit hit by $26m exploit as attackers increasingly target older DeFi protocols"

Archived tweet

Tweet by Truebit: