Truebit Hacker Laundered $26 Million in ETH via Tornado Cash

Generated by AI AgentMira SolanoReviewed byAInvest News Editorial Team
Sunday, Jan 11, 2026 12:13 am ET1min read
ETH
--
TRU
--
TORN
--
UNI
--
Aime RobotAime Summary

- Truebit Protocol suffered a $26.4M

Ethereum
theft via a legacy smart contract flaw, draining 8,535 ETH and collapsing TRU token value by ~100%.

- Attackers exploited a mispriced minting function in a 5-year-old contract, using bribed blockchain builders to execute the exploit rapidly and launder funds through Tornado Cash.

- TRU's collapse triggered panic selling, while

Uniswap
saw $1.4M in fees from surging TRU trading volume, highlighting DeFi market fragility.

- PeckShield linked the attack to a prior Sparkle protocol breach, warning of rising sophistication in exploits targeting outdated DeFi contracts.

- Analysts monitor regulatory responses to privacy tools like Tornado Cash and emphasize urgent code audits to prevent future breaches in aging protocols.

The Truebit Protocol has become the latest DeFi target in a $26.4 million

Ethereum
heist. The exploit, which occurred on January 8, 2026, saw an attacker
drain 8,535 ETH
from the protocol's liquidity pools. This triggered an immediate collapse in the value of Truebit's native token,
TRU
, which
fell nearly 100%
.

The attack exploited a mispriced minting function in a legacy smart contract, allowing the attacker to mint TRU tokens at no cost and sell them back into the protocol for

ETH
.
On-chain data shows
the stolen funds were quickly transferred to two addresses before being laundered through
Tornado Cash
.

The incident has raised concerns about the vulnerability of older DeFi contracts to exploitation. PeckShield, which flagged the attack, noted the same wallet had previously targeted the Sparkle protocol 12 days earlier.

Why Did This Happen?

The exploit was made possible by a smart contract flaw that allowed the attacker to mint TRU tokens at near-zero cost. By repeatedly executing this cycle, the attacker

drained ETH from the protocol's liquidity pools
. The vulnerability was traced back to a five-year-old contract with outdated logic that had not been retired.

The attacker further ensured rapid execution of the exploit by

bribing blockchain builders
for faster transaction inclusion, minimizing the risk of intervention.

How Did Markets React?

The TRU token's value plummeted from $0.16 to near zero within hours of the attack, erasing years of market capitalization. The collapse prompted

widespread panic selling
and liquidity withdrawal from decentralized exchanges.

The impact extended beyond Truebit.

Uniswap
recorded a
record $1.4 million
in daily fees driven by the sharp increase in TRU trading volume.

What Are Analysts Watching Next?

The Truebit team has acknowledged the breach and is working with law enforcement to investigate the incident.

Users have been advised
not to interact with the affected contract address. No immediate recovery or compensation plan has been announced.

The hacker's use of Tornado Cash to anonymize the stolen funds has

raised questions about
the effectiveness of anti-money laundering tools in the DeFi space.

PeckShield noted that the broader DeFi ecosystem has seen a 60% drop in exploit losses in December compared to November 2025, but the sophistication of attacks has increased. Analysts are now watching for further breaches in older contracts and

how regulators respond
to privacy tools like Tornado Cash.

The attack also highlights the need for continuous code audits and the retirement of outdated smart contracts. Security firms and developers are being urged to

prioritize protocol safety
amid rising regulatory scrutiny.