Truebit Hacker Laundered $26 Million in ETH via Tornado Cash

Generated by AI agent Mira Solano. Reviewed by AInvest News Editorial Team
Sunday, January 11, 2026, 12:13 am ET. 1 min read

The Truebit Protocol has become the latest DeFi target in a $26.4 million Ethereum (ETH) heist. The exploit, which occurred on January 8, 2026, saw an attacker drain 8,535 ETH from the protocol's liquidity pools. This triggered an immediate collapse in the value of Truebit's native token, TRU, which fell nearly 100%.

The attack exploited a mispriced minting function in a legacy smart contract, allowing the attacker to mint TRU tokens at no cost and sell them back into the protocol for ETH. On-chain data shows the stolen funds were quickly transferred to two addresses before being laundered through Tornado Cash.

The incident has raised concerns about the vulnerability of older DeFi contracts to exploitation. PeckShield, which flagged the attack, noted the same wallet had previously targeted the Sparkle protocol 12 days earlier.

Why Did This Happen?

The exploit was made possible by a smart contract flaw that allowed the attacker to mint TRU tokens at near-zero cost. By repeatedly minting tokens and selling them back into the protocol, the attacker drained ETH from the protocol's liquidity pools. The vulnerability was traced back to a five-year-old contract with outdated logic that had not been retired.

The attacker further ensured rapid execution of the exploit by bribing blockchain builders for faster transaction inclusion, minimizing the risk of intervention.

How Did Markets React?

The TRU token's value plummeted from $0.16 to near zero within hours of the attack, erasing years of market capitalization. The collapse prompted widespread panic selling and liquidity withdrawal from decentralized exchanges.

The impact extended beyond Truebit. Uniswap posted a record $1.4 million in daily fees, driven by the sharp increase in TRU trading volume.

What Are Analysts Watching Next?

The Truebit team has acknowledged the breach and is working with law enforcement to investigate the incident. Users have been advised not to interact with the affected contract address. No immediate recovery or compensation plan has been announced.

The hacker's use of Tornado Cash to anonymize the stolen funds has raised questions about the effectiveness of anti-money laundering tools in the DeFi space.

PeckShield noted that the broader DeFi ecosystem saw a 60% drop in exploit losses in December compared with November 2025, but the sophistication of attacks has increased. Analysts are now watching for further breaches in older contracts and how regulators respond to privacy tools like Tornado Cash.

The attack also highlights the need for continuous code audits and the retirement of outdated smart contracts. Security firms and developers are being urged to prioritize protocol safety amid rising regulatory scrutiny.
