Truebit Hack

On January 8, 2026, Truebit, a computation-verification protocol, lost about $26.4 million in the first major crypto hack of the year, confirmed by CertiK and PeckShield. The attacker exploited a minting vulnerability in a roughly five-year-old contract that had been deployed long earlier and largely forgotten, allowing TRU tokens to be minted at virtually no cost and then burned to drain value, with about 8,500 ETH siphoned to two attacker addresses. PeckShield linked the same actor to a smaller exploit involving Sparkle about twelve days earlier. The TRU token collapsed close to 100% within 24 hours, with CoinGecko flagging an exploit warning. The case is a textbook example of the long-tail risk of deprecated or unmaintained contracts that still hold value or retain mint authority, and reinforced the need to inventory, revoke, and decommission legacy contracts and to audit historical deployments rather than only new code.