A Calculation Vulnerability Led to the Theft of 8,535 ETH from Truebit

marsbitPublished on 2026-01-13Last updated on 2026-01-13

Abstract

On January 8, 2026, the Truebit Protocol was exploited, resulting in a loss of 8,535.36 ETH (approximately $26.44 million). The attack involved a critical integer overflow vulnerability in the token purchase price calculation function. The attacker executed four rounds of transactions by calling functions getPurchasePrice, 0xa0296215, and 0xc471b10b. In the first round, the attacker called getPurchasePrice with a large input value (240442509453545333947284131), which returned 0 due to an arithmetic flaw. Then, they invoked function 0xa0296215 with msg.value = 0, successfully minting a massive amount of TRU tokens. Finally, by calling function 0xc471b10b, they burned the minted tokens and received 5,105.06 ETH. The root cause was an unchecked addition operation (v12 + v9) in the price calculation logic (function 0x1446), which overflowed to a small value, making (v12 + v9) / v6 = 0. The contract used Solidity ^0.6.10 without overflow checks, enabling the exploit. This incident highlights the risks of older DeFi protocols with unpatched vulnerabilities, possibly identified through AI-assisted scanning. Projects are advised to conduct security audits, upgrade contracts, and monitor链上 activity to mitigate such threats.

On January 8, 2026, the Truebit Protocol was hacked, resulting in a loss of 8,535.36 ETH (approximately $26.44 million). The Truebit Protocol officially confirmed the incident in the early hours of the following day. The ExVul security team conducted a detailed analysis of the vulnerability, with the results as follows:

Attack Process

Attacker's address:

0x6c8ec8f14be7c01672d31cfa5f2cefeab2562b50

Attack transaction hash:

0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014

The attacker completed the attack by cyclically calling getPurchasePrice→0xa0296215→0xc471b10b for four rounds. The first cycle is analyzed as an example.

1. The attacker first called the getPurchasePrice(240442509453545333947284131) function, which returned 0.

2. The attacker called the 0xa0296215(c6e3ae8e2cbab1298abaa3) function with msg.value as 0. Finally, 240442509453545333947284131 TRU were successfully minted.

3. The attacker called the 0xc471b10b(c6e3ae8e2cbab1298abaa3) function. Finally, 240442509453545333947284131 TRU were burned, and 5105.06 ETH were obtained.

Attack Logic Analysis

By understanding the above attack process, it is clear that there is an issue with the logic of the getPurchasePrice function and the 0xa0296215 function. The following is an in-depth analysis (since the contract is not open source, the code below is decompiled).

By comparing the common points of the two functions, we can see that the 0x1446 function is used to calculate how much ETH is needed to purchase a specified amount of TRU. Clearly, the logic of the 0x1446 function is flawed, leading to an incorrect ETH calculation. The logic within the 0x1446 function is analyzed in detail below.

Observing the logic in the 0x1446 function, since the final calculation result v13 == 0, the calculation logic mentioned above must be problematic. It is important to note that the 0x18ef function is the same as _SafeMul, so the issue lies in the native addition v12 + v9 (the contract version is ^0.6.10, so there is no overflow check).

v12 and v9 represent:

Based on the above analysis, the attacker's strategy was to input a huge _amountIn to cause v12 + v9 to overflow into a very small value, ultimately resulting in (v12 + v9) / v6 == 0.

Summary

The root cause of the Truebit Protocol attack is a severe integer overflow vulnerability in its token purchase price calculation logic. Since the contract uses Solidity ^0.6.10 and lacks safety checks for critical arithmetic operations, it ultimately led to a significant loss of 8,535.36 ETH. The latest versions of Solidity have already mitigated overflow vulnerabilities. This attack was likely discovered by hackers using AI to automatically scan older DeFi protocols that are already live (including recent attacks on Balancer and yETH). We believe such attacks exploiting AI to target older DeFi protocols will become increasingly common in the near future. Therefore, we recommend that project teams conduct new security audits of their contract code. If vulnerabilities are found, they should upgrade the contract or transfer assets as soon as possible, and implement on-chain monitoring to detect anomalies promptly and minimize losses.

Related Questions

QWhat was the main vulnerability exploited in the Truebit Protocol attack?

AThe main vulnerability was an integer overflow issue in the token purchase price calculation logic, specifically in the `getPurchasePrice` function, which allowed the attacker to manipulate calculations and mint a large number of TRU tokens without paying the required ETH.

QHow much ETH was stolen in the Truebit Protocol attack?

A8,535.36 ETH, which was approximately equivalent to $26.44 million at the time of the attack.

QWhat was the attacker's address involved in the Truebit exploit?

AThe attacker's address was 0x6c8ec8f14be7c01672d31cfa5f2cefeab2562b50.

QWhich Solidity version was the Truebit Protocol contract using, and why was it significant?

AThe contract was using Solidity ^0.6.10, which did not have built-in overflow checks for arithmetic operations. This lack of safety checks allowed the integer overflow vulnerability to be exploited.

QWhat was the key step the attacker took to trigger the integer overflow vulnerability?

AThe attacker input a very large value for `_amountIn` in the `getPurchasePrice` function, causing the calculation `v12 + v9` to overflow and result in a very small value, ultimately making `(v12 + v9) / v6` equal to zero, which allowed minting tokens without cost.

Related Reads

Argentina Bans Polymarket Over Illegal Gambling Concerns Following Colombia

Argentina has blocked the prediction market platform Polymarket following a court ruling in Buenos Aires that declared its operations illegal under the country's gambling regulations. Authorities have directed internet service providers and app stores to restrict access to the platform. Officials raised concerns over the use of cryptocurrencies for betting and the lack of user identity checks, which could allow minors to participate. The decision follows similar action taken by Colombia, where Polymarket was also classified as an illegal gambling operation for failing to meet licensing requirements. The case reflects growing global regulatory scrutiny of crypto-based prediction markets, which are increasingly being treated as gambling platforms due to their structure and potential risks to market integrity.

TheNewsCrypto9m ago

Argentina Bans Polymarket Over Illegal Gambling Concerns Following Colombia

TheNewsCrypto9m ago

Huang Reinforces Nvidia’s Role, Pushing AI Cryptocurrencies upwards

Nvidia CEO Jensen Huang's keynote at CES 2026 emphasized the company's pivotal role in the expanding artificial intelligence industry, projecting a $1 trillion chip demand through 2027. This announcement boosted Nvidia's stock by 1.63% and positively influenced AI-related cryptocurrencies. Tokens such as FOMO, LISA, and AIN saw significant gains, rising over 30%, while major AI cryptocurrencies like TAO and NEAR also advanced. The broader crypto market rally, including Bitcoin and Ethereum, further supported the upward trend. Additionally, Nvidia's collaboration with Samsung on the Groq LP30 chip, expected to ship in late 2026, was highlighted.

TheNewsCrypto22m ago

Huang Reinforces Nvidia’s Role, Pushing AI Cryptocurrencies upwards

TheNewsCrypto22m ago

RWA Weekly Report|Total Market Cap Hits New High; US Stablecoin Legislation Nears Consensus, Yield Issue Remains Key Breakthrough (3.11-3.17)

RWA Weekly Report: Market Cap Hits New High; US Stablecoin Legislation Nears Consensus (Mar 11–17) The RWA market continues to grow, with the on-chain total value of real-world assets reaching $27.05 billion, a weekly increase of 2.35%. Representative assets also rose to $346.79 billion. The number of asset holders increased to 675,000. U.S. Treasury tokenizations grew to $11.2 billion, while commodity assets remained stable at ~$5.7 billion. Credit assets like asset-backed credit ($3.1B) and specialized finance ($2.1B) saw growth, indicating a slight rise in risk appetite. Key developments include the SEC considering an "innovation exemption" to facilitate tokenized securities trading. U.S. stablecoin legislation is nearing consensus, though debates continue over yield provisions. The European Central Bank unveiled a strategy for a tokenized wholesale financial ecosystem to enhance EU financial autonomy. Notable updates: USDC's circulation surpassed $80 billion for the first time. Ondo Finance launched tokenized stocks as collateral in DeFi via Chainlink oracles. MSX introduced a Pre-IPO investment section. DWF Labs noted a shift in institutional capital towards BTC, ETH, and RWA, reducing traditional "altseason" dynamics. ShapeShift's founder accumulated ~$23.76M in tokenized gold. Overall, the RWA market is expanding with clearer regulatory momentum and institutional adoption.

Odaily星球日报27m ago

RWA Weekly Report|Total Market Cap Hits New High; US Stablecoin Legislation Nears Consensus, Yield Issue Remains Key Breakthrough (3.11-3.17)

Odaily星球日报27m ago

Bitcoin near $76K – LTHs hold tight, BTC ETFs add almost $1B: What changed?

Bitcoin briefly reclaimed $76,000, supported by strengthening fundamentals. A key driver is the behavior of long-term holders (LTHs), who are holding tightly, as shown by low Coin Days Destroyed (CDD) and are at a four-year inactivity extreme. This significantly reduces structural sell pressure. Despite a slight rise in the Exchange Supply Ratio (ESR), total exchange reserves continue to decline, limiting downside risk. On the demand side, spot Bitcoin ETFs recorded six consecutive days of net inflows, totaling nearly $1 billion, marking the longest accumulation streak in 2025 and indicating renewed institutional confidence. These combined supply and demand dynamics support a continued upward price trend.

ambcrypto48m ago

Bitcoin near $76K – LTHs hold tight, BTC ETFs add almost $1B: What changed?

ambcrypto48m ago

Matrixdock Launches Silver Token XAGm, Building On-Chain Silver Reserve Asset Based on FRS Standard

Matrixdock, a leading RWA platform, has launched XAGm, an institutional-grade silver token backed by fully allocated physical silver. The token is supported by LBMA Good Delivery standard silver bars, enabling this widely traded precious metal to enter the on-chain financial ecosystem. XAGm expands Matrixdock’s on-chain precious metals system, supporting use cases such as trading, collateralization, and DeFi applications. Unlike gold, which primarily serves as a store of value, silver possesses both investment and industrial demand, introducing stronger cyclical dynamics and diversified utility in on-chain markets. XAGm is one of the few institutional-grade tokenized silver products, with verifiable asset backing held in professional vaults. The token is issued under Matrixdock’s FRS (Fungible Reserve Standard) framework, which ensures transparent and sustainable alignment between on-chain tokens and underlying physical assets. Initially deployed on Ethereum, XAGm is set to expand to other blockchain ecosystems to improve accessibility and liquidity. This launch further develops Matrixdock’s Reserve Layer, combining gold and silver to create a more resilient and diversified on-chain asset base for the decentralized financial system.

marsbit50m ago

Matrixdock Launches Silver Token XAGm, Building On-Chain Silver Reserve Asset Based on FRS Standard

marsbit50m ago

Trading

Spot
Futures

Hot Articles

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of ETH (ETH) are presented below.

活动图片

Top Questions

Hot Categoriesright-arrow

Hot Tagsright-arrow