Loss Exceeding $26 Million: Analysis of Truebit Protocol Security Incident and Tracking of Stolen Funds Flow

marsbitPublished on 2026-01-09Last updated on 2026-01-09

Abstract

On January 9, the Truebit Protocol suffered an attack resulting in a loss of 8,535.36 ETH (approximately $26.4 million) due to an exploit in a five-year-old unaudited and unopen-sourced contract. The attack involved a suspected arithmetic logic flaw, possibly due to integer truncation, in an unverified function (0xa0296215). The attacker repeatedly called this function with a minimal msg.value to mint a large number of TRU tokens, which were then burned to withdraw ETH from the contract’s reserves. According to Beosin’s analysis, the stolen funds—totaling 8,535.36 ETH—were primarily transferred to two addresses: 0xd12f6e0fa7fbf4e3a1c7996e3f0dd26ab9031a60 (holding 4,267.09 ETH) and 0x273589ca3713e7becf42069f9fb3f0c164ce850a (holding 4,001 ETH). The attacker’s address (0x6c8ec8f14be7c01672d31cfa5f2cefeab2562b50) still retains 267.71 ETH. All related addresses have been flagged as high-risk by Beosin KYT. The incident underscores the importance of security audits, contract upgrades, and incorporating emergency pause mechanisms and modern Solidity safety features to mitigate risks in legacy smart contracts.

Author: Beosin

In the early hours of January 9, an unopen-sourced contract deployed by Truebit Protocol 5 years ago was attacked, resulting in a loss of 8,535.36 ETH (worth approximately $26.4 million). The Beosin security team conducted an analysis of the vulnerability and fund tracking for this security incident and shares the results as follows:

Attack Technique Analysis

For this incident, we take the most significant attack transaction as the analysis subject, with the transaction hash: 0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014

1. The attacker calls getPurchasePrice() to obtain the price

2. Subsequently calls the flawed function 0xa0296215(), setting the msg.value extremely low

Since the contract is not open-source, it is inferred from the decompiled code that this function has an arithmetic logic vulnerability, such as integer truncation issues, allowing the attacker to successfully mint a large number of TRU tokens.

3. The attacker "sells back" the minted tokens to the contract through the burn function, extracting a large amount of ETH from the contract reserves.

This process is repeated 4 more times, with the msg.value increasing each time, until almost all ETH in the contract is extracted.

Stolen Funds Tracking

Based on on-chain transaction data, Beosin conducted a detailed fund tracking through its blockchain on-chain investigation and tracking platform, BeosinTrace, and shares the results as follows:

Currently, the stolen 8,535.36 ETH, after transfers, are mostly held in 0xd12f6e0fa7fbf4e3a1c7996e3f0dd26ab9031a60 and 0x273589ca3713e7becf42069f9fb3f0c164ce850a.

Among them, address 0xd12f holds 4,267.09 ETH, and address 0x2735 holds 4,001 ETH. The address from which the attacker initiated the attack (0x6c8ec8f14be7c01672d31cfa5f2cefeab2562b50) still holds 267.71 ETH. There have been no further fund transfers from these three addresses yet.

Stolen Funds Flow Analysis Diagram by Beosin Trace

The above addresses have been marked as high-risk addresses by Beosin KYT. Taking the attacker's address as an example:

Beosin KYT

Conclusion

This stolen fund incident involves an unopen-sourced smart contract from 5 years ago. For such contracts, the project team should upgrade the contract, introduce emergency pause functions, parameter limitations, and new Solidity security features. Furthermore, security audits remain an essential step for contracts. Through security audits, Web3 enterprises can comprehensively detect smart contract code, identify and fix potential vulnerabilities, and enhance contract security.

*Beosin will provide a complete analysis report of all fund flows and address risks for this incident. Welcome to request it via the official email [email protected].

Related Questions

QWhat was the total amount of ETH stolen in the Truebit Protocol security incident?

A8,535.36 ETH, valued at approximately $26.4 million.

QWhich function did the attacker call to exploit the vulnerability in the unopened contract?

AThe attacker called the function 0xa0296215() with a very small msg.value to exploit an arithmetic logic vulnerability, likely due to integer truncation issues.

QHow did the attacker convert the fraudulently minted TRU tokens into ETH?

AThe attacker used the burn function to 'sell back' the minted TRU tokens to the contract, extracting a large amount of ETH from the contract reserves.

QWhat are the two main addresses where the stolen ETH is currently held?

AThe majority of the stolen ETH is held in addresses 0xd12f6e0fa7fbf4e3a1c7996e3f0dd26ab9031a60 (4,267.09 ETH) and 0x273589ca3713e7becf42069f9fb3f0c164ce850a (4,001 ETH).

QWhat security measures does Beosin recommend to prevent such incidents?

ABeosin recommends upgrading the contract to include emergency pause functions, parameter limits, and new Solidity security features, as well as conducting thorough security audits to detect and fix potential vulnerabilities.

Related Reads

Toncoin Fees To Drop 6x As Network Moves Toward Feeless Transactions

Telegram founder Pavel Durov announced that the Toncoin (TON) network will reduce transaction fees by six times in one week, lowering the cost to just 0.00039 TON (approximately $0.0005). This fee reduction is part of the "Make TON Great Again" (MTONGA) roadmap and will remain fixed regardless of network congestion. The update follows a recent upgrade that made the network 10 times faster and transactions nearly instant. Durov also hinted that future steps aim to make most transactions fully feeless. Although Telegram discontinued formal involvement with TON due to regulatory issues, Durov remains a strong supporter. Currently, Toncoin is trading around $1.30, down over 8% in the past week.

bitcoinist26m ago

Toncoin Fees To Drop 6x As Network Moves Toward Feeless Transactions

bitcoinist26m ago

a16z: AI's 'Amnesia', Can Continuous Learning Cure It?

The article "a16z: AI's 'Amnesia' – Can Continual Learning Cure It?" explores the limitations of current large language models (LLMs), which, like the protagonist in the film *Memento*, are trapped in a perpetual present—unable to form new memories after training. While methods like in-context learning (ICL), retrieval-augmented generation (RAG), and external scaffolding (e.g., chat history, prompts) provide temporary solutions, they fail to enable true internalization of new knowledge. The authors argue that compression—the core of learning during training—is halted at deployment, preventing models from generalizing, discovering novel solutions (e.g., mathematical proofs), or handling adversarial scenarios. The piece introduces *continual learning* as a critical research direction to address this, categorizing approaches into three paths: 1. **Context**: Scaling external memory via longer context windows, multi-agent systems, and smarter retrieval. 2. **Modules**: Using pluggable adapters or external memory layers for specialization without full retraining. 3. **Weights**: Enabling parameter updates through sparse training, test-time training, meta-learning, distillation, and reinforcement learning from feedback. Challenges include catastrophic forgetting, safety risks, and auditability, but overcoming these could unlock models that learn iteratively from experience. The conclusion emphasizes that while context-based methods are effective, true breakthroughs require models to compress new information into weights post-deployment, moving from mere retrieval to genuine learning.

marsbit34m ago

a16z: AI's 'Amnesia', Can Continuous Learning Cure It?

marsbit34m ago

Can a Hair Dryer Earn $34,000? Deciphering the Reflexivity Paradox in Prediction Markets

An individual manipulated a weather sensor at Paris Charles de Gaulle Airport with a portable heat source, causing a Polymarket weather market to settle at 22°C and earning $34,000. This incident highlights a fundamental issue in prediction markets: when a market aims to reflect reality, it also incentivizes participants to influence that reality. Prediction markets operate on two layers: platform rules (what outcome counts as a win) and data sources (what actually happened). While most focus on rules, the real vulnerability lies in the data source. If reality is recorded through a specific source, influencing that source directly affects market settlement. The article categorizes markets by their vulnerability: 1. **Single-point physical data sources** (e.g., weather stations): Easily manipulated through physical interference. 2. **Insider information markets** (e.g., MrBeast video details): Insiders like team members use non-public information to trade. Kalshi fined a剪辑师 $20,000 for insider trading. 3. **Actor-manipulated markets** (e.g., Andrew Tate’s tweet counts): The subject of the market can control the outcome. Evidence suggests Tate’sociated accounts coordinated to profit. 4. **Individual-action markets** (e.g., WNBA disruptions): A single person can execute an event to profit from their pre-placed bets. Kalshi and Polymarket handle these issues differently. Kalshi enforces strict KYC, publicly penalizes insider trading, and reports to regulators. Polymarket, with its anonymous wallet-based system, has historically been more permissive, arguing that insider information improves market accuracy. However, it cooperated with authorities in the "Van Dyke case," where a user traded on classified government information. The core paradox is reflexivity: prediction markets are designed to discover truth, but their financial incentives can distort reality. The more valuable a prediction becomes, the more likely participants are to influence the event itself. The market ceases to be a mirror of reality and instead shapes it.

marsbit1h ago

Can a Hair Dryer Earn $34,000? Deciphering the Reflexivity Paradox in Prediction Markets

marsbit1h ago

Analyst Reveals Accumulation Level For Dogecoin Before It Rallies To $2

A crypto analyst, Crypto Patel, predicts that Dogecoin (DOGE) could rally to $2, despite currently trading below $0.10. The analyst identifies a key accumulation zone between $0.07 and $0.09, where DOGE has repeatedly tested support without breaking down. Based on a bi-weekly chart using Elliott Wave theory, DOGE is in a Wave 4 consolidation phase within a descending channel. A bounce from this support is expected to trigger a Wave 5 rally, projecting a 2,767% surge toward $2. Price targets are set sequentially at $0.50, $1, and $2, with a stop-loss below $0.048. For a bullish trend reversal, DOGE must break above the $0.10 resistance level, which was recently rejected in April. Analysts emphasize that market conditions and a confirmed higher high are critical for the projected uptrend.

bitcoinist1h ago

Analyst Reveals Accumulation Level For Dogecoin Before It Rallies To $2

bitcoinist1h ago

Weekly Editor's Picks (0418-0424)

Weekly Editor's Picks (0418-0424) provides in-depth analysis on key developments across macro trends, crypto markets, and policy. Key topics include the oil market nearing a physical supply crisis due to shipping disruptions, even if the Strait of Hormuz reopens. In crypto, reports cover global consumer crypto adoption, a data-driven strategy for trading volatile altcoins, and the state of VC funding. Prediction markets like Polymarket are analyzed not as pure event-guessing games but as systems where understanding legalistic rules creates an edge. Major DeFi protocol Aave is criticized for poor crisis management amid a $300M exploit, while the controversial structure of World Liberty Financial is examined. Other highlights include policy updates like the CLARITY Act, Ethereum’s, airdrop opportunities, and weekly recaps of major incidents like the Kelp DAO hack and SpaceX's AI disclosures.

marsbit2h ago

Weekly Editor's Picks (0418-0424)

marsbit2h ago

Trading

Spot
Futures
活动图片