A Calculation Vulnerability Led to the Theft of 8,535 ETH from Truebit

marsbitPublished on 2026-01-13Last updated on 2026-01-13

Abstract

On January 8, 2026, the Truebit Protocol was exploited, resulting in a loss of 8,535.36 ETH (approximately $26.44 million). The attack involved a critical integer overflow vulnerability in the token purchase price calculation function. The attacker executed four rounds of transactions by calling functions getPurchasePrice, 0xa0296215, and 0xc471b10b. In the first round, the attacker called getPurchasePrice with a large input value (240442509453545333947284131), which returned 0 due to an arithmetic flaw. Then, they invoked function 0xa0296215 with msg.value = 0, successfully minting a massive amount of TRU tokens. Finally, by calling function 0xc471b10b, they burned the minted tokens and received 5,105.06 ETH. The root cause was an unchecked addition operation (v12 + v9) in the price calculation logic (function 0x1446), which overflowed to a small value, making (v12 + v9) / v6 = 0. The contract used Solidity ^0.6.10 without overflow checks, enabling the exploit. This incident highlights the risks of older DeFi protocols with unpatched vulnerabilities, possibly identified through AI-assisted scanning. Projects are advised to conduct security audits, upgrade contracts, and monitor链上 activity to mitigate such threats.

On January 8, 2026, the Truebit Protocol was hacked, resulting in a loss of 8,535.36 ETH (approximately $26.44 million). The Truebit Protocol officially confirmed the incident in the early hours of the following day. The ExVul security team conducted a detailed analysis of the vulnerability, with the results as follows:

Attack Process

Attacker's address:

0x6c8ec8f14be7c01672d31cfa5f2cefeab2562b50

Attack transaction hash:

0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014

The attacker completed the attack by cyclically calling getPurchasePrice→0xa0296215→0xc471b10b for four rounds. The first cycle is analyzed as an example.

1. The attacker first called the getPurchasePrice(240442509453545333947284131) function, which returned 0.

2. The attacker called the 0xa0296215(c6e3ae8e2cbab1298abaa3) function with msg.value as 0. Finally, 240442509453545333947284131 TRU were successfully minted.

3. The attacker called the 0xc471b10b(c6e3ae8e2cbab1298abaa3) function. Finally, 240442509453545333947284131 TRU were burned, and 5105.06 ETH were obtained.

Attack Logic Analysis

By understanding the above attack process, it is clear that there is an issue with the logic of the getPurchasePrice function and the 0xa0296215 function. The following is an in-depth analysis (since the contract is not open source, the code below is decompiled).

By comparing the common points of the two functions, we can see that the 0x1446 function is used to calculate how much ETH is needed to purchase a specified amount of TRU. Clearly, the logic of the 0x1446 function is flawed, leading to an incorrect ETH calculation. The logic within the 0x1446 function is analyzed in detail below.

Observing the logic in the 0x1446 function, since the final calculation result v13 == 0, the calculation logic mentioned above must be problematic. It is important to note that the 0x18ef function is the same as _SafeMul, so the issue lies in the native addition v12 + v9 (the contract version is ^0.6.10, so there is no overflow check).

v12 and v9 represent:

Based on the above analysis, the attacker's strategy was to input a huge _amountIn to cause v12 + v9 to overflow into a very small value, ultimately resulting in (v12 + v9) / v6 == 0.

Summary

The root cause of the Truebit Protocol attack is a severe integer overflow vulnerability in its token purchase price calculation logic. Since the contract uses Solidity ^0.6.10 and lacks safety checks for critical arithmetic operations, it ultimately led to a significant loss of 8,535.36 ETH. The latest versions of Solidity have already mitigated overflow vulnerabilities. This attack was likely discovered by hackers using AI to automatically scan older DeFi protocols that are already live (including recent attacks on Balancer and yETH). We believe such attacks exploiting AI to target older DeFi protocols will become increasingly common in the near future. Therefore, we recommend that project teams conduct new security audits of their contract code. If vulnerabilities are found, they should upgrade the contract or transfer assets as soon as possible, and implement on-chain monitoring to detect anomalies promptly and minimize losses.

Trending Cryptos

ctr
CitreaCTR
wstusdt
wrapped stUSDTWSTUSDT
apr
aPrioriAPR
ctx
Cryptex FinanceCTX
audio
AudiusAUDIO
mantra
MantraMANTRA
xvs
VenusXVS
waxl
AxelarWAXL
bill
Billions NetworkBILL
pyth
PYTH (Pyth)PYTH
rune
THORChainRUNE
velodrome
Velodrome FinanceVELODROME
brev
BrevisBREV
zrx
ZRX(0X)ZRX
cake
PancakeSwapCAKE

Related Questions

QWhat was the main vulnerability exploited in the Truebit Protocol attack?

AThe main vulnerability was an integer overflow issue in the token purchase price calculation logic, specifically in the `getPurchasePrice` function, which allowed the attacker to manipulate calculations and mint a large number of TRU tokens without paying the required ETH.

QHow much ETH was stolen in the Truebit Protocol attack?

A8,535.36 ETH, which was approximately equivalent to $26.44 million at the time of the attack.

QWhat was the attacker's address involved in the Truebit exploit?

AThe attacker's address was 0x6c8ec8f14be7c01672d31cfa5f2cefeab2562b50.

QWhich Solidity version was the Truebit Protocol contract using, and why was it significant?

AThe contract was using Solidity ^0.6.10, which did not have built-in overflow checks for arithmetic operations. This lack of safety checks allowed the integer overflow vulnerability to be exploited.

QWhat was the key step the attacker took to trigger the integer overflow vulnerability?

AThe attacker input a very large value for `_amountIn` in the `getPurchasePrice` function, causing the calculation `v12 + v9` to overflow and result in a very small value, ultimately making `(v12 + v9) / v6` equal to zero, which allowed minting tokens without cost.

Related Reads

If It's Not a Clear Yes, It's a No: A Nine-Year Retrospective by a VC Who Survived Four Cycles

**"Invest Only When Certain": A Nine-Year Retrospective from a VC Across Four Cycles** IOSG founder Jocy shares hard-earned lessons from nine years and over a hundred investments in Web3. The core challenge isn't identifying successful founders, but understanding why talented founders with solid ideas still fail. Through building a "failed founder database," IOSG identified six recurring failure patterns. **Founder Trait Red Flags:** 1. **Emotionally Unstable:** Founders who react defensively to criticism or publicly lash out under pressure (e.g., 80% drawdowns) often fail. Resilience is key. 2. **Lacking Hunger / Having a Fallback:** Founders with significant safety nets (family wealth, cushy fallback jobs) may lack the "do-or-die" commitment needed to survive crypto's brutal cycles. 3. **Unchecked Ego:** Includes "polished execution machines" who excel in known frameworks but struggle when paradigms shift, and "professor-types" who are technically brilliant but resistant to commercial feedback or coaching. **Project Structure Red Flags:** 4. **Token-First, Not Product-First:** Treating the token solely as a fundraising tool with no real utility or connection to product value is a major warning sign. The project should have value even if the token goes to zero. 5. **No Day-1 Exit Thesis:** Founders must have a clear, staged capital strategy from the start, understanding what each funding round needs to prove to unlock the next. "Exit before entry" is crucial. 6. **No Full-Cycle Experience:** Founders who haven't lived through a complete crypto bull/bear cycle (e.g., 2018, 2022) often underestimate their vulnerability. IOSG limits initial checks for such teams to $250k, sizing for risk. **The Positive Flipside: Desirable Founder Traits** The ideal candidate exhibits: obsessive problem-depth, being a second-time founder with a non-consensus vision, strong communication skills with *controlled* ego, relentless perseverance, and a global perspective with agency and taste (increasingly vital in the AI era). **Three Survival Tips for Founders:** 1. **Cash Flow Over Narrative:** Real revenue is what sustains projects, not vanity metrics. 2. **Tokens Are a Liability:** Avoid issuing a token unless absolutely necessary. The hidden costs (market making, liquidity, compliance) are immense, often a multi-million-dollar burden. 3. **Respect Liquidity:** Sell during peaks to build treasury, buy back to support the protocol during troughs. Be realistic about valuations and your ability to deliver for the next round. The final principle is simple yet paramount: **"If it's a borderline 'yes' or 'no,' don't invest."** In an industry that reinvents itself every few years, the discipline to consistently say "no" is the ultimate secret to longevity.

Foresight News14m ago

If It's Not a Clear Yes, It's a No: A Nine-Year Retrospective by a VC Who Survived Four Cycles

Foresight News14m ago

Zuckerberg’s Meta Makes a Move Into Prediction Markets With Arena

Meta, under CEO Mark Zuckerberg, is developing a new standalone prediction market platform called Arena. This move will position the tech giant in direct competition with established platforms like Polymarket and Kalshi, capitalizing on the sector's rapid growth. Arena will initially operate independently of Meta's core apps (Facebook, Instagram, etc.) and feature a points-based game rather than real-money betting, though monetization may be considered in the future. This isn't Meta's first foray into prediction markets; it previously launched and later discontinued the Forecast app in 2022. The broader prediction market sector has seen a significant boom, with users speculating on events from politics to sports, and trading volumes reaching an estimated $130 billion this year. The trend is gaining mainstream attention, exemplified by Trump Media's plans to integrate prediction markets into Truth Social. Given Meta's vast global user base of nearly 3.56 billion daily users, even modest engagement with Arena could dramatically expand participation in prediction markets. Its entry is expected to intensify competition for existing players while potentially validating and mainstreaming the entire prediction market model.

TheNewsCrypto30m ago

Zuckerberg’s Meta Makes a Move Into Prediction Markets With Arena

TheNewsCrypto30m ago

SemiAnalysis Deep Dive into CXMT: $50 Billion Revenue, An IPO Amidst a Supercycle

SemiAnalysis' in-depth report on ChangXin Memory Technologies (CXMT) details its rapid rise as China's largest upcoming semiconductor IPO. Founded in 2016 by Zhu Yiming, CXMT built its DRAM foundation on acquired patents and talent from the bankrupt German firm Qimonda. It achieved its first annual profit in 2025 after nearly a decade of significant capital support, primarily from patient Hefei municipal investors who fostered a local supply chain. The company is now capitalizing on a strong DRAM supercycle. Its revenue soared from ~$3.3B in 2024 to ~$8.6B in 2025, with Q1 2026 alone reaching ~$7.3B. SemiAnalysis projects full-year 2026 revenue could exceed $50B, driven by soaring ASPs rather than massive market share gains. While CXMT is closing the capacity gap with Micron, its product mix remains heavily focused on commodity DDR/LPDDR, which currently offers higher margins than its nascent HBM business. CXMT faces significant challenges in HBM, struggling with yield and stability for HBM3 8-Hi stacks while lagging behind the big three (Samsung, SK Hynix, Micron) in advanced nodes. However, strategic national priorities for AI self-sufficiency may push it to accelerate HBM capacity. Its complex IPO structure reveals heavy state-backed ownership and voting control over its fabs, with Alibaba appearing as both a key cloud customer and a minority shareholder. The IPO aims to raise ~$4.1B, primarily to strengthen its core DRAM manufacturing base.

marsbit34m ago

SemiAnalysis Deep Dive into CXMT: $50 Billion Revenue, An IPO Amidst a Supercycle

marsbit34m ago

From Corning to Ciena: The 10x Opportunity in the AI Optical Communication Chain

The transition from copper to optical communication in AI data centers is creating significant investment opportunities beyond just chipmakers. The entire photonics supply chain, from glass and fiber to connectors and test equipment, is critical. Corning, a key fiber supplier, has locked in multi-billion dollar, multi-year contracts with major cloud providers (Meta, Amazon, Google, Microsoft, OpenAI, NVIDIA), demonstrating pricing power and scale. Its profit growth is outpacing revenue growth. In the interconnect layer, Amphenol benefits from high growth in AI data centers, driven by strategic acquisitions and operational efficiency, while Credo Technology acts as a bridge between copper and optical solutions, though with high customer concentration risk. At the systems level, Ciena enables higher data capacity on existing fiber lines, with a strong backlog and cloud customer adoption. Further upstream, AXT is a bottleneck supplier of key indium phosphide wafers for lasers but faces geopolitical supply chain risks. VEO Solutions provides essential testing equipment for the entire photonics industry. A new pure-play photonics ETF (FOTO) offers a consolidated investment approach. The core thesis is that the physical limits of copper are driving an inevitable shift to optical technologies, with wealth flowing to essential, often overlooked, suppliers across the photonics value chain.

marsbit46m ago

From Corning to Ciena: The 10x Opportunity in the AI Optical Communication Chain

marsbit46m ago

Collector Crypt's DAU Is Only 800, Yet It's Already One of Crypto's Most Profitable Projects?

"Collector Crypt: A Highly Profitable Crypto Project with Only 800 Daily Active Users?" Collector Crypt (CARDS) is a crypto project tokenizing physical graded trading cards (primarily Pokémon) on Solana, achieving significant real-world profitability and growth. According to a Maelstrom Fund analysis, it generated approximately $53M in annualized profit in May, with a June run-rate nearing $109M, against a $550M FDV. Its core revenue driver is a digital pack-opening 'Gacha' system. The platform bulk-buys cards at a 5-15% discount. Users can open digital packs and choose to keep cards or sell them back to the platform at a 7-15% discount to market price. Most users sell back common cards, creating an efficient model: users get packs with a ~2% positive expected value, while Collector Crypt captures ~4.5% profit. The project aims to disrupt the inefficient $22.2B GMV (Q1 2026) eBay trading card market, which charges sellers 16-20% in total fees. Collector Crypt offers 2% fees, instant settlement, insured custody, and one-click trading. Beyond Gacha, future revenue streams include secondary market trading fees, infrastructure partnerships, and an eBay "snipe" tool. It holds ~$23M in card inventory and ~$10M in cash, and has already begun token buybacks. With a total supply of 2B tokens, effective circulation post-2027 unlocks is estimated at ~1.3B. Trading primarily on DEXs has so far limited large institutional entry. The project is expanding into sports cards and attracting Web2 users. Maelstrom Fund's price target is $4 by summer's end, positioning Collector Crypt at the forefront of migrating collectibles on-chain.

Foresight News58m ago

Collector Crypt's DAU Is Only 800, Yet It's Already One of Crypto's Most Profitable Projects?

Foresight News58m ago

Trading

Spot
Futures

Hot Articles

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of ETH (ETH) are presented below.

活动图片

Top Questions