On January 8, 2026, the Truebit Protocol was attacked by hackers, resulting in a loss of 8,535.36 ETH (approximately $26.44 million). The Truebit Protocol team confirmed this in a post early the next morning. The ExVul security team conducted a detailed vulnerability analysis of the attack, and the findings are as follows:

Attack Process

Attacker Address:

0x6c8ec8f14be7c01672d31cfa5f2cefeab2562b50

Attack Transaction Hash:

0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014

The attacker completed the attack by looping 4 rounds of calling getPurchasePrice→0xa0296215→0xc471b10b, taking the first loop as an example for analysis.

1. The attacker first calls the getPurchasePrice(240442509453545333947284131) function, which returns 0.

2. The attacker calls the 0xa0296215(c6e3ae8e2cbab1298abaa3) function, with msg.value being 0. Ultimately, 240442509453545333947284131 TRU tokens are successfully minted.

3. The attacker calls the 0xc471b10b(c6e3ae8e2cbab1298abaa3) function. Finally, 240442509453545333947284131 TRU tokens are destroyed, and the attacker receives 5105.06 ETH.

Attack Logic Analysis

By understanding the above attack process, it is evident that there is a logical issue with the getPurchasePrice function and the 0xa0296215 function. Below is a deeper analysis (since the contract is not open source, the following code is decompiled code).

By comparing the common points of the two functions, we can find that the 0x1446 function is used to determine how much ETH is needed to purchase a specified amount of TRU. Clearly, there is a logical issue in the 0x1446 function, leading to incorrect ETH calculations. Below is a detailed analysis of the logic in the 0x1446 function.

Observing the logic in the 0x1446 function, since the final calculation result v13 == 0, there must be an issue with the calculation logic mentioned above. It is important to understand that the 0x18ef function is the same as _SafeMul, so the problem lies in the use of native addition v12 + v9 (the contract version is ^0.6.10, so there is no overflow check).

v12 and v9 represent:

From the above analysis, the attacker's strategy was to input a huge _amountIn, causing v12 + v9 to overflow into a very small value, ultimately making (v12 + v9) / v6 == 0.

Conclusion

The fundamental reason for the Truebit Protocol attack is the serious integer overflow vulnerability in its token purchase price calculation logic. Since the contract uses Solidity version ^0.6.10 and does not perform safety checks on key arithmetic operations, it ultimately resulted in a significant loss of 8,535.36 ETH. The new version of Solidity has already mitigated overflow vulnerabilities. This attack appears to be a result of hackers using AI to automatically scan for vulnerabilities in older DeFi protocols that have already been launched (including recent attacks on Balancer and yETH). We believe that such AI-driven attacks on older DeFi protocols will become increasingly common, so we recommend that project teams conduct new security audits of their contract code. If vulnerabilities are found, they should promptly upgrade the contract or transfer assets, and ensure on-chain monitoring to detect anomalies in a timely manner, minimizing losses.