Blockchain security firm Cyvers has flagged a major security incident involving the Truebit Protocol, with an estimated loss of approximately $26 million in Ethereum. The alert was issued on January 8, 2026, after Cyvers' real-time monitoring systems detected an anomalous on-chain transaction.
The suspicious transfer involved a single address receiving around 8,535 ETH, labeled on-chain as "Truebit Protocol: Purchase." Based on current market prices, the transaction value is estimated at $26 million. Cyvers stated the activity triggered alerts due to unusual behavioral patterns and elevated risk indicators identified by its detection models, describing the transfer as inconsistent with typical protocol transaction flows.
Initial findings indicate the attacker invoked a function in Truebit's Purchase contract, remarkably named "Attack." The exploit was executed rapidly in a single transaction without phased evacuation attempts. Approximately 50% of the drained funds were reportedly channeled through the privacy mixer Tornado Cash shortly after the incident.
The immediate aftermath saw the Truebit token (TRU) experience a catastrophic price collapse. On decentralized exchanges, TRU plummeted by up to 100%, effectively being wiped out. The rapid drying up of liquidity made it impossible for investors to close their positions, leaving the token's value at zero.
As of publication, Truebit has not publicly disclosed any security incident or confirmed the loss, and no official explanation has been provided regarding the transaction's nature. It remains unclear whether the funds were moved due to an exploit, internal operation, or misconfigured contract interaction.
Truebit is a blockchain protocol designed to verify complex computations off-chain using cryptographic and economic safeguards, allowing Ethereum smart contracts to handle tasks too expensive or difficult to run directly on-chain. Cyvers continues to monitor the address and related transactions for further fund movement.
