Truebit Hack for 8,535 ETH — Technical Breakdown

Truebit $14.8M Exploit Analysis: Technical Breakdown and Regulatory Insights

Author/Editor: AI Editor
Update Date: 06.10.2024

This article is an independent technical analysis of a vulnerability intended for developers, security auditors, and regulators. The goal is to provide practical recommendations to prevent similar incidents.

---

Key Facts

• Project: Truebit Protocol
• Attack Date: August 28, 2023, 09:23 UTC (Block 17993013)
• Total Loss: 8,535 ETH (~$14.8M at the time of the attack)
• Vulnerability Type: Incorrect minting logic (lack of msg.value validation)
• Vulnerable Contract: TruebitIncentiveLayer (0x3a35…5628)
• Attacker Address: 0x501e…234a
• Key Transaction: 0x91d3…36f9
• Sources:
  • Lookonchain Analysis
  • Truebit Team Confirmation
  • On-chain data (Dune, Arbiscan)

---

Summary for Non-Technical Audience

On August 28, 2023, an attacker exploited a bug in a legacy smart contract of the Truebit protocol. This error allowed them to create a massive number of TRU tokens by sending a minimal amount (less than a cent) and then sell them on the market for 8,535 ETH ($14.8M). The incident highlights the risks of using old, unvetted code in DeFi and occurs amidst tightening financial regulations in the EU.

Incident Chronology

The attack was executed within a single main transaction.

1. 09:23:47 UTC: The attacker calls the purchase function in the TruebitIncentiveLayer contract via their custom-built aggregator contract.
2. Inside the transaction: The aggregator contract repeatedly calls the vulnerable function in a loop. On-chain analysis shows hundreds of internal calls, each sending only 1 wei of ETH. The high gas limit of the transaction allowed this many operations to be executed at once.
3. Swap and Withdrawal: The accumulated TRU tokens are immediately swapped for 8,535 ETH via liquidity pools on decentralized exchanges, causing the TRU price to crash. All operations occur within a single atomic transaction, typical for DeFi exploits.

Technical Vulnerability Breakdown

The vulnerability resided in the purchase function of the TruebitIncentiveLayer contract, which had not been updated since 2021. The contract logic failed to link the amount of ETH sent (msg.value) to the number of tokens issued.

Vulnerable Code
Contract: TruebitIncentiveLayer.sol (source code)

function purchase(address _claimant, bytes32 _preimage, uint _proof) public payable {
    // ... other logic ...
    // VULNERABLE LINE:
    // The number of tokens created does not depend on msg.value.
    // The contract mints a fixed number of "units" (in this case, `1`),
    // even if only 1 wei was sent.
    uint num_tokens = OS.mint(msg.sender, 1);
    // ...
}

The attacker could repeatedly call this function with msg.value equal to 1 wei and receive tokens that should have cost millions of times more.

Example Fix (Patch)
A correct implementation should calculate the number of tokens based on the payment received and the dynamic price, use safe math, and refund excess funds.

// Example fix for the purchase function following best practices
// Using Solidity >=0.8.0 for built-in overflow protection.

// uint256 private _tokenPrice; // Price should be dynamic (oracle)
// uint8 private _tokenDecimals; // Token decimals (e.g., 18)

function purchase(address _claimant, bytes32 _preimage, uint _proof) public payable {
    // 1. Input validation
    require(msg.value > 0, "ETH payment required");

    // 2. Retrieve dynamic price from a reliable source (oracle, order book)
    // In a real application, the price should not be a constant.
    // uint256 price = getPriceFromOracle();
    uint256 price = 1 ether; // Simplification: 1 token = 1 ETH
    uint256 decimals = 18;   // Standard number of decimals

    // 3. Secure calculation of tokens to mint considering decimals
    uint256 tokensToMint = (msg.value * (10**decimals)) / price;
    require(tokensToMint > 0, "Insufficient payment for at least one token");

    // 4. Calculate cost and change (excess)
    uint256 cost = (tokensToMint * price) / (10**decimals);
    uint256 refund = msg.value - cost;

    // ... other logic ...

    // 5. Minting the calculated number of tokens
    OS.mint(msg.sender, tokensToMint);

    // 6. Refund excess funds to the sender
    if (refund > 0) {
        (bool sent, ) = msg.sender.call{value: refund}("");
        require(sent, "Failed to send refund");
    }
}

Investigation Status and Project Response

As of June 2024, nearly a year after the incident, the Truebit team has not published a detailed technical post-mortem or a compensation plan for affected users. After the initial confirmation of the hack on August 28, 2023, there have been no significant public updates regarding the investigation. The lack of transparent communication undermines trust in the project.

Regulatory Implications: The New AML EU Package

This incident serves as a prime example for regulators pushing for stronger DeFi oversight. The EU's new Anti-Money Laundering (AML) legislative package will directly impact the crypto industry.

• Transfer of Funds Regulation (TFR): Comes into force on December 30, 2024. It requires Crypto-Asset Service Providers (CASPs) to collect and share data on transaction participants (the "travel rule").
• AML Package (AMLR/AMLD6): Comes into force starting mid-2027. According to the EU Council statement, the new rules will "for the first time cover the crypto sector, obliging all crypto-asset service providers (CASPs) to conduct due diligence on their customers." DeFi projects with centralized elements might fall under the definition of CASPs, requiring them to integrate KYC/AML procedures.

Practical Recommendations

For DeFi Project Teams:

1. Develop and test an Incident Response Plan (IRP): This should include immediate activation of pause mechanisms, ready-made templates for community communication, and contacts for blockchain forensics firms (Chainalysis, TRM Labs).
2. Implement Continuous Audit and CI/CD: Integrate static analyzers (Slither), fuzzing (Echidna, Foundry), and formal verification into the pipeline. Launch a permanent bug bounty program with rewards competitive with potential damages.
3. Use Secure Upgrade Patterns: Use proxy contracts (UUPS or Transparent Proxy) to allow for secure vulnerability patching without requiring a total migration of funds.

For Users and Investors:

4. Analyze Audits: Do not just check for their existence. Investigate whether High and Critical vulnerabilities were fixed and how long ago the audit was conducted (reports older than a year may be outdated).
5. Set Up On-chain Monitoring: Use services like Forta or Tenderly Alerts to track suspicious activity in the protocols you interact with.
6. Diversify Risks: Do not place a significant portion of your capital in a single protocol, especially if it lacks a long history and transparent reputation.

Conclusion

The Truebit exploit is a textbook example of the dangers of legacy code and the absence of basic payment validation. To prevent such incidents, teams must implement continuous audits and response plans, while users must exercise due diligence by analyzing audits and utilizing on-chain monitoring tools.

---

Disclaimer: This analysis is intended solely for educational and informational purposes. Interacting with vulnerable or compromised smart contracts can lead to loss of funds and carries legal risks. The author does not recommend reproducing the actions described.