Truebit failure leads to $26 million theft and collapse of TRU.

• Truebit suffers exploitation in smart contract
• Theft of 8.535 ETH brings down TRU token.
• Cryptocurrency losses fall in December.

Truebit confirmed a vulnerability in a smart contract that resulted in the theft of approximately 8.535 ETH, equivalent to roughly US$26 million at the time. The incident triggered an immediate market reaction, causing the TRU token to lose over 99% of its value in just a few hours.

In a statement published on X, the Truebit team acknowledged “a security incident involving one or more malicious actors” related to a specific smart contract address. The company reported that it is in contact with law enforcement authorities and is “taking all appropriate measures” following the breach, without releasing a detailed technical report at this time.

Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We are in contact with law…

— Truebit (@Truebitprotocol) January 8, 2026

On-chain analysts monitoring the protocol have identified movements that are more extensive than those visible at the initially indicated address. Blockchain investigators, including Lookonchain, observed a pattern of transfers indicating that "the total value of the cryptocurrency stolen in the attack exceeded $26 million," despite some addresses displaying only small amounts of ETH.

The market response was intense. Data from Nansen shows that the TRU fell from around US$0,16 to an all-time low near US$0,0000000029. The rapid spread of information about the exploration contributed to the widespread sell-off, while it was still unclear whether end-user funds held in the protocol had been directly affected.

The Truebit incident occurred in a month marked by other significant security incidents. On December 27, 2025, the Flow Foundation revealed that an attacker exploited a vulnerability in the Flow network to "fake tokens, obtaining approximately $3,9 million." The foundation stated that "no existing user balances were accessed or compromised," highlighting that the attack involved the duplication of assets.

During the same period, Trust Wallet faced a breach in its Chrome browser extension. The company confirmed that version 2.68 contained malicious code, allowing access to sensitive data and the diversion of funds, with estimated losses of around US$7 million. CEO Eowyn Chen stated that the compromised version “was most likely released externally via the Chrome Web Store API key, bypassing our standard release checks.”

Despite the series of high-profile attacks, data from PeckShield indicates that total losses in the sector from exploits fell to approximately US$76 million in December, down from roughly US$194 million in November. This contrast highlights a reduction in the volume of financial losses, even with the persistence of significant flaws in different layers of the cryptocurrency infrastructure.