The attacker exploited a smart contract flaw that made it possible to mint 240,442,509,453,545,333,947,284,131 TRU tokens while paying 0 ETH

How a hacker got trillions of tokens for free: why the Truebit project was exploited

14.01.2026

On January 8, 2026, the decentralized off-chain computation protocol Truebit Protocol was exploited. By abusing a smart contract vulnerability, the attacker extracted roughly 8,535 ETH (about $26.44 million). GetBlock AML Research presents a detailed breakdown of the incident.

Root cause

Due to the absence of overflow protection in an integer addition operation, the Truebit Purchase smart contract incorrectly calculated the amount of ETH required to mint TRU tokens.

As a result, a calculation error caused the final price to be evaluated as zero. This allowed the attacker to mint an enormous number of tokens virtually for free and then drain ETH from the contract’s reserves.

Background

Truebit Protocol is a decentralized marketplace for off-chain computation. It is designed to handle complex computational tasks outside the main blockchain, while correctness is enforced through economic incentives.

The protocol uses its native TRU token, which follows an algorithmic elastic supply model. The token’s real-time price is calculated automatically based on:

  • the amount of ETH held in the contract’s reserve;
  • the total supply of TRU in circulation.

Minting and burning of TRU are fully controlled by smart contracts:

  • Minting: a user deposits ETH into the Purchase contract and receives TRU at an algorithmically determined price.
  • Burning: a user burns TRU and receives ETH back using the same pricing formula.

Attack analysis

Attack flow

1. The attacker first called the getPurchasePrice function of the Purchase contract to calculate how much ETH was required to mint 240,442,509,453,545,333,947,284,131 TRU.

Because this value was carefully selected, the calculation hit an integer overflow, and the function returned a price of 0 ETH.

2. The attacker then called the mint function with the specified TRU amount. Since the calculated price was zero, no ETH was paid and the full amount of TRU was minted successfully.

3. Immediately afterward, the attacker called function 0xc471b10b (the burn function), destroyed all newly minted TRU, and withdrew 5,105.069 ETH from the contract’s reserves.

4. The attacker repeatedly executed the “mint → burn” cycle.

As the total TRU supply (S) increased, subsequent mint operations required small amounts of ETH. However, the value of the tokens received still far exceeded the cost, creating a persistent arbitrage opportunity. The attacker continued until the contract’s ETH reserves were fully drained.

Mechanics of the vulnerability

Analysis of the Purchase contract revealed the core pricing formula:

Price = (100 × A² × R + 200 × A × R × S) / ((100 − T) × S²)

Where:

  • A (AmountIn): number of tokens the user wants to mint
  • R (Reserve): current ETH reserve in the contract
  • S (Supply): total token supply
  • T (THETA): contract parameter fixed at 75

Why the bug existed

The contract was compiled using Solidity version 0.6.10.

In Solidity versions below 0.8.0, arithmetic operations such as +, -, and * do not include built-in overflow checks. When a calculation exceeds the maximum uint256 value (2²⁵⁶ − 1), the value silently wraps around to a much smaller number.

While multiplication operations were protected using SafeMath, the addition in the numerator (v12 + v9) relied on a raw + operator without overflow protection. This missing check was the core vulnerability.

Impact

By carefully selecting the AmountIn parameter, the attacker achieved the following:

  • All multiplication operations passed SafeMath checks without reverting;
  • The addition overflowed, causing the numerator to wrap to a very small value;
  • The final division resulted in a price of zero.

This allowed the attacker to mint massive quantities of tokens without paying ETH.
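
The effect of the unchecked addition, as an added Python model (not the Purchase contract's code): uint256 arithmetic is emulated with a modulo 2**256 wrap, and the same pricing formula is evaluated once with a raw `+` and once with a checked add. The values of R, A and S are constructed for illustration and are not the on-chain values; the order of the multiplications is an assumption.

```python
U256 = 1 << 256   # uint256 values live in [0, 2**256 - 1]
THETA = 75        # T in the pricing formula

def safe_mul(a, b):
    # SafeMath-style multiplication: revert (raise) instead of wrapping
    c = a * b
    if c >= U256:
        raise OverflowError("SafeMath: multiplication overflow")
    return c

def safe_add(a, b):
    # SafeMath-style addition: the check the numerator was missing
    c = a + b
    if c >= U256:
        raise OverflowError("SafeMath: addition overflow")
    return c

def raw_add(a, b):
    # '+' in Solidity < 0.8.0: silently wraps modulo 2**256
    return (a + b) % U256

def purchase_price(amount, reserve, supply, add):
    # Price = (100*A^2*R + 200*A*R*S) / ((100 - T) * S^2)
    term1 = safe_mul(safe_mul(safe_mul(100, amount), amount), reserve)
    term2 = safe_mul(safe_mul(safe_mul(200, amount), reserve), supply)
    numerator = add(term1, term2)   # the only step that differs
    denominator = safe_mul(safe_mul(100 - THETA, supply), supply)
    return numerator // denominator

# Constructed sample state (wei-scale integers, NOT the real contract state).
# Each product stays below 2**256, but their sum is 2**256 + 2**166.
R = 1 << 72
A = 42949673 << 63
S = ((((1 << 60) - (1 << 30) + 1) << 29) - A) // 2

def demo():
    """Return (price with raw '+', whether the checked version reverts)."""
    wrapped_price = purchase_price(A, R, S, raw_add)
    try:
        purchase_price(A, R, S, safe_add)
        reverted = False
    except OverflowError:
        reverted = True
    return wrapped_price, reverted

if __name__ == "__main__":
    print(demo())
```

With the raw addition the numerator wraps to 2**166, which is smaller than the denominator, so integer division yields a price of 0; with the checked addition the same call reverts.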

On-chain fund movements

As a result of the attack, the attacker obtained approximately 8,535 ETH (around $26.44 million). The stolen assets were first split across three newly created addresses and then fully sent to Tornado Cash.

Links between the attacker’s addresses and Tornado Cash. Visualization: MistTrack

Transaction history also shows prior activity linked to the attacker’s address:

  • Nov. 20, 2025: received funds on Avalanche via a drainer and bridged them to BNB Chain using Rhino.fi.
  • Dec. 6, 2025: bridged funds from BNB Chain to Ethereum via Rhino.fi.
  • Dec. 27, 2025: received 4.98 ETH on Ethereum via RUN (likely from a prior exploit), after which a total of 5 ETH was sent to Tornado Cash.

Transactions involving the attacker’s address prior to the Truebit attack. Visualization: MistTrack

The related addresses were flagged as suspicious.

What this means

The exploit was caused by an unprotected addition operation in the numerator of the pricing formula in the Purchase contract.

Because the contract was compiled with Solidity 0.6.10, the + operator did not perform overflow checks. By selecting a specific mint amount, the attacker triggered a uint256 overflow that reduced the calculated price to zero. This enabled near-free minting and profitable arbitrage through repeated burn operations.

For contracts using Solidity versions below 0.8.0, it is critical that all arithmetic operations are protected with overflow-checking libraries. Failing to do so can lead to severe logical vulnerabilities like the one exploited in the Truebit attack.
