The project team advised clients not to interact with this contract. Truebit management has engaged law enforcement to investigate the incident.

Independent blockchain researcher Weilin Li linked the data leak to a vulnerability in an outdated smart contract deployed approximately five years ago. The leak occurred due to a broken token creation function in the contract—this pricing error allowed attackers to issue TRU tokens at greatly reduced prices, Li explained.

The blockchain detective discovered that two attackers exploited the vulnerability. One was much luckier than the other—he managed to get around $26 million, while the other only got $250,000. Lee warned that hackers are increasingly targeting old contracts that weren't originally designed to withstand sophisticated attacks.

The price of the native TRU token reacted to the incident and completely collapsed, falling from $0.16 to $0.0000000007209. The cryptoasset's market capitalization is currently near zero.

Attacks on DeFi projects have increased significantly in recent months. In November, the decentralized exchange Balancer lost over $120 million when attackers exploited a bug in its Composable Stable pools version 2. Earlier, Chainalysis CEO Jonathan Levin identified the main vulnerabilities of DeFi protocols: errors in smart contract code, a lack of auditing, and weak protection of administrator access keys.