Truebit’s TRU token crashes over 99% after a 26 million greenback Ether exploit, extending a string of main DeFi safety breaches regardless of falling combination losses.
Abstract
- Truebit stories a wise‑contract exploit that drained about 8,535 ETH, or roughly 26 million {dollars}, triggering a 99% crash in TRU’s value.
- December additionally noticed Move’s 3.9 million greenback counterfeit token incident and a Belief Pockets Chrome extension hack costing customers round 7 million {dollars}.
- PeckShield information present whole crypto hack losses fell to about 76 million {dollars} in December from 194 million in November, at the same time as excessive‑profile breaches multiplied.
Truebit acknowledged “an incident of safety involving a number of malicious actors” tied to a wise contract tackle that implies losses of about 26 million {dollars} in Ether. In a put up on X, the staff stated it was involved with legislation enforcement and was “taking all accessible measures” following the breach, however has not but given an in depth technical put up‑mortem.
On‑chain analysts monitoring the protocol reported that the attacker siphoned off round 8,535 ETH, valued at roughly 26.6 million {dollars} on the time. Whereas the contract tackle flagged by Truebit reveals solely small quantities of stolen ETH, blockchain sleuths reminiscent of Lookonchain and others have pointed to a broader sample of actions indicating that “the entire quantity of cryptocurrency stolen within the assault exceeded 26 million {dollars}.”
Market response was brutal and speedy. In keeping with information from Nansen, the worth of Truebit’s TRU token plunged greater than 99%, sliding from roughly 0.16 {dollars} to an all‑time low close to 0.0000000029 {dollars} as stories of the exploit unfold. On the time of publication, it remained unclear what precisely triggered the multi‑million‑greenback exploit or whether or not finish‑person funds held on the protocol had been straight in danger, and Cointelegraph famous that Truebit had not responded to a request for remark.
Move’s counterfeit token incident
The Truebit breach follows a December through which a number of excessive‑profile exploits shook confidence in blockchain infrastructure. On 27 December 2025, the Move Basis disclosed that an attacker exploited a vulnerability within the Move community to “counterfeit tokens, extracting roughly 3.9 million USD.”
In its technical put up‑mortem, Move careworn that “no current person balances had been accessed or compromised” and that the assault duplicated belongings moderately than touching respectable holdings. Validators coordinated a community halt inside about six hours of the primary malicious transaction, and most counterfeit belongings had been both frozen on‑chain or recovered and destroyed in coordination with exchanges.
Belief Pockets’s malicious Chrome replace
Belief Pockets additionally confronted a significant safety failure in late December when its Chrome browser extension was compromised. The corporate later confirmed that model 2.68 of the extension contained malicious code that enabled an attacker to entry delicate pockets information and drain person funds, finally resulting in estimated losses of round 7 million {dollars}.
Belief Pockets urged customers to replace instantly to model 2.69 and launched a reimbursement course of, warning of secondary scams by way of faux compensation kinds and impersonated help accounts. CEO Eowyn Chen stated the malicious construct “was most definitely revealed externally by way of the Chrome Net Retailer API key, bypassing our commonplace launch checks,” underscoring the availability‑chain dimension of the compromise.
Business‑vast losses and safety pattern
Regardless of the succession of enormous breaches, trade‑vast losses from hacks and exploits truly fell into yr‑finish. Blockchain analytics agency PeckShield reported that whole losses throughout the crypto sector dropped to about 76 million {dollars} in December, down sharply from roughly 194 million in November.
