ExchangeDEX+

Buy Crypto Markets Spot FuturesXAUT Earn Event Center

2025 Recap

Author: Beosin In the early hours of January 9th, a closed-source contract deployed by Truebit Protocol five years prior was attacked, resulting in a loss of 8,Author: Beosin In the early hours of January 9th, a closed-source contract deployed by Truebit Protocol five years prior was attacked, resulting in a loss of 8,

Truebit Protocol security incident analysis and traceability of stolen funds, resulting in losses exceeding $26 million.

2026/01/09 18:40

Author: Beosin

In the early hours of January 9th, a closed-source contract deployed by Truebit Protocol five years prior was attacked, resulting in a loss of 8,535.36 ETH (worth approximately $26.4 million). The Beosin security team conducted a vulnerability and fund tracking analysis of this security incident and shares the results below:

Attack Method Analysis

We will analyze the most significant attack transaction in this incident, with the transaction hash: 0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014

1. The attacker calls getPurchasePrice() to obtain the price.

2. Subsequently, the flawed function 0xa0296215() is called, and the msg.value is set to an extremely small value.

Since the contract is not open source, it is inferred from the decompiled code that the function has an arithmetic logic vulnerability, such as a problem with integer truncation, which allowed the attacker to successfully mint a large number of TRU tokens.

3. The attacker used the burn function to "sell back" the minted tokens to the contract, extracting a large amount of ETH from the contract's reserves.

This process is repeated four more times, with the msg.value increasing each time, until almost all the ETH in the contract has been extracted.

Stolen Funds Tracking

Based on on-chain transaction data, Beosin conducted a detailed fund tracking through its blockchain on-chain investigation and tracking platform, BeosinTrace, and shared the results as follows:

Currently, the stolen 8,535.36 ETH has been transferred, with the vast majority stored at 0xd12f6e0fa7fbf4e3a1c7996e3f0dd26ab9031a60 and 0x273589ca3713e7becf42069f9fb3f0c164ce850a.

Address 0xd12f holds 4,267.09 ETH, and address 0x2735 holds 4,001 ETH. The address from which the attacker launched the attack (0x6c8ec8f14be7c01672d31cfa5f2cefeab2562b50) still holds 267.71 ETH. No further fund transfers have been made from these three addresses.

Analysis chart of stolen funds flow by Beosin Trace

All the addresses listed above have been flagged as high-risk by Beosin KYT. For example, consider the attacker's address:

Beosin KYT

Conclusion

The stolen funds involved smart contracts that were not open-sourced five years ago. For such contracts, project teams should upgrade them, introducing emergency pauses, parameter restrictions, and the security features of the latest Solidity versions. Furthermore, security auditing remains an essential part of contract management. Through security audits, Web3 companies can comprehensively examine smart contract code, identify and fix potential vulnerabilities, and improve contract security.

*Beosin will provide a complete analysis report on all fund flows and address risks. You are welcome to request it via the official email address support@beosin.com.

Market Opportunity

Ethereum Price(ETH)

$3,121.08

$3,121.08$3,121.08

+0.82%

USD

Ethereum (ETH) Live Price Chart

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.