TruebitGod

1

198

Autism Capital 🧩@AutismCapital·15 Oca

If you want to understand what’s going on with AI watch this. It’s 5 minutes but you can watch it in 2x. It’s actually what’s happening.

English

204

710

4.1K

244.2K

TruebitGod@TruebitGod·13 Oca

@Truebitist Why don't you just give them time? An incident of this size needs a proper thought-out response. Please be patient.

English

1

90

TruebitGod@TruebitGod·11 Oca

@coinbureau If anyone wants full details of the incident see here: tru.watch/security-incid…

English

5

217

Coin Bureau@coinbureau·11 Oca

⚡UPDATE: The Truebit hacker has now fully laundered all 8,535 ETH stolen, worth over $26M, through Tornado Cash.

English

46

27

253

30.2K

TruebitGod retweeté

Truebit@Truebitprotocol·10 Oca

DO NOT TRUST anything claiming to be from us unless it’s posted by @Truebitprotocol. Any other websites, social posts, or messages are not official unless they come from this account.

English

41

8

63

23K

TruebitGod@TruebitGod·9 Oca

@kryptodegeny Details are here - tru.watch/security-incid…

English

2

111

Krypto Degeneraci.@kryptodegeny·9 Oca

To był stary smart kontrakt od Truebitu, 5 lat wisiał na Ethereum i nikt go nie ruszał. Wczoraj ktoś znalazł błąd i wyciągnął z niego około 8,5k ETH czyli jakieś $26 milionów. Kod był zamknięty, zero audytu, tylko bajtcode. Co jest możliwe to to, że coraz bardziej wygląda to tak, że AI pewnie z bocikiem w tle przewala stare kontrakty i szuka luk, a jak znajdzie, to robi klik i kasa znika. Closed source + stare kontrakty = tykająca bomba

Polski

8

6

137

30.8K

TruebitGod@TruebitGod·9 Oca

@nicoweb3audit Once you have done this can you please message me, thank you.

English

1

134

nico_security@nicoweb3audit·9 Oca

This is my third day learning about smart contract auditing. Today I looked at some analysis files about the stolen Truebit protocol and learned how to decompile bytecode. Once I successfully decompile it, I'll document the attack process. etherscan.io/tx/0xcd4755645…

English

0

235

Truebit@Truebitprotocol·9 Oca

Our team is tirelessly working to address the incident we reported yesterday, and has engaged additional resources to strengthen tracing and recovery. Updates will follow through our official channels.

Truebit@Truebitprotocol

Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We are in contact with law enforcement and taking all available measures to address the situation. We will share updates through our official channels as they become available.

English

35

15

113

28.5K

TruebitGod@TruebitGod·9 Oca

@Truebitprotocol Thank you guys.

English

@AstraSecAI @Truebitprotocol x.com/TruebitGod/sta…

2

326

TruebitGod@TruebitGod·9 Oca

Attention all Truebit holders. Do not interact with the contract until @Truebitprotocol provide further information. What we know so far: malicious actors have exploited the OS reserve/mint functions and drained 8000+ Ethereum from the reserve. My friend Marcus has added a security incident page to his Tru Watch site: tru.watch/security-incid… Here you can track the flow of the funds and monitor the attacker's wallets. Currently, the 8000+ Eth stolen is sitting in two wallets. Please see the page. I hope you are all okay, this is the worst start to a year I have ever experienced. DM me if I can do anything for you.

QME

@EvanLuthra x.com/TruebitGod/sta…

1

147

AstraSec@AstraSecAI·9 Oca

🛡️ Exploit Analysis: Truebit Protocol (~$26M Loss) @Truebitprotocol A reminder that one missed check is all it takes. As shown in the image, the purchase function utilized SafeMath for most operations but missed the final addition step. The Vulnerability: The missing safe-add allowed an integer overflow when a large enough mint amount was passed, resulting in a token cost of zero.

English

5

0

19

6.2K

TruebitGod@TruebitGod·9 Oca

Attention all Truebit holders. Do not interact with the contract until @Truebitprotocol provide further information. What we know so far: malicious actors have exploited the OS reserve/mint functions and drained 8000+ Ethereum from the reserve. My friend Marcus has added a security incident page to his Tru Watch site: tru.watch/security-incid… Here you can track the flow of the funds and monitor the attacker's wallets. Currently, the 8000+ Eth stolen is sitting in two wallets. Please see the page. I hope you are all okay, this is the worst start to a year I have ever experienced. DM me if I can do anything for you.

QME

2

151

Evan Luthra@EvanLuthra·9 Oca

WHAT JUST HAPPENED!!!!🤯 $TRU dumped like crazy after a serious smart contract bug. Because of an old flaw in the contract, an attacker was able to buy TRU for $0, sell it again and again, and steal 8,535 ETH about $26.6M. Are you holding $TRU?👇

English

27

14

36

26.1K

TruebitGod@TruebitGod·9 Oca

@pashov @hbbiok I sent you a DM regarding this.

English

27

pashov@pashov·9 Oca

@hbbiok It's likely, yes

English

0

2

580

pashov@pashov·8 Oca

🚨A smart contract exploit from 1hr ago just drained ~8536 ETH, worth around ~$26M The code was live on Ethereum for almost 5 years already. Source code unverified - only bytecode is public.

English

142

153

3.1K

357.1K

TruebitGod@TruebitGod·9 Oca

@martypartymusic @pashov Can I DM you please? Truebit have always been very secretive about their code, mainly because so many early L2s copied their verification game.

English

@Moneygurudigi x.com/TruebitGod/sta…

57

MartyParty@martypartymusic·9 Oca

@pashov Closed source FAIL

English

3

0

27

12.4K

TruebitGod@TruebitGod·9 Oca

Attention all Truebit holders. Do not interact with the contract until @Truebitprotocol provide further information. What we know so far: malicious actors have exploited the OS reserve/mint functions and drained 8000+ Ethereum from the reserve. My friend Marcus has added a security incident page to his Tru Watch site: tru.watch/security-incid… Here you can track the flow of the funds and monitor the attacker's wallets. Currently, the 8000+ Eth stolen is sitting in two wallets. Please see the page. I hope you are all okay, this is the worst start to a year I have ever experienced. DM me if I can do anything for you.

QME

1

210

Money Guru Digital@Moneygurudigi·9 Oca

🚨 TRUEBIT PROTOCOL EXPLOITED, $26.6M LOST An old smart contract bug let an attacker buy $TRU for free and dump it repeatedly, draining 8,535 $ETH in a single transaction. The exploit even called a function named “Attack.” Funds were split across wallets, with 50% already sent to Tornado Cash to obscure trail $TRU collapsed completely. This wasn’t volatility, it was broken code.

English

24

12

25

9.3K

TruebitGod@TruebitGod·9 Oca

@pashov @botdidy I've got one, please keep an eye on my profile for full details, also look at this - tru.watch/security-incid…

English

Weilin (William) Li@hklst4r

20

pashov@pashov·8 Oca

@botdidy Root cause analysis in progress Here is one x.com/hklst4r/status…

Another 26M hack. @Truebitprtocol I haven't decompiled the vulnerable code yet, but the root cause appears to be a mispriced minting function of its purchase contract that allows anyone to purchase TRU token at a very low price. The first attacker (26M profit): 0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014The second attacker (~250k profit): 0x71496352b02f974a3898c1b743e9fc2befb935e6c2a3e421134ec09b63052f4b@Truebitprotocol This contract has been a very old contract deployed ~5 years ago... It seems old contracts are getting more "popular" among attackers now. btw a friend of mine shared me a screenshot of the second hacker celebrating in his chat group 😂 (not sure if it's genuine) --- Disclaimer: This is my prelminary analysis and I may make mistakes.

English

@pashov x.com/TruebitGod/sta…

22

11.5K

TruebitGod@TruebitGod·9 Oca

Attention all Truebit holders. Do not interact with the contract until @Truebitprotocol provide further information. What we know so far: malicious actors have exploited the OS reserve/mint functions and drained 8000+ Ethereum from the reserve. My friend Marcus has added a security incident page to his Tru Watch site: tru.watch/security-incid… Here you can track the flow of the funds and monitor the attacker's wallets. Currently, the 8000+ Eth stolen is sitting in two wallets. Please see the page. I hope you are all okay, this is the worst start to a year I have ever experienced. DM me if I can do anything for you.

QME

175

TruebitGod@TruebitGod·9 Oca

@hklst4r @Truebitprotocol Send me the screenshot you have.

English

@Truebitprotocol x.com/hklst4r/status…

30

Weilin (William) Li@hklst4r·8 Oca

Weilin (William) Li@hklst4r

Another 26M hack. @Truebitprtocol I haven't decompiled the vulnerable code yet, but the root cause appears to be a mispriced minting function of its purchase contract that allows anyone to purchase TRU token at a very low price. The first attacker (26M profit): 0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014The second attacker (~250k profit): 0x71496352b02f974a3898c1b743e9fc2befb935e6c2a3e421134ec09b63052f4b@Truebitprotocol This contract has been a very old contract deployed ~5 years ago... It seems old contracts are getting more "popular" among attackers now. btw a friend of mine shared me a screenshot of the second hacker celebrating in his chat group 😂 (not sure if it's genuine) --- Disclaimer: This is my prelminary analysis and I may make mistakes.

QME

@Truebitprotocol x.com/TruebitGod/sta…

0

13

8.3K

Truebit@Truebitprotocol·8 Oca

Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We are in contact with law enforcement and taking all available measures to address the situation. We will share updates through our official channels as they become available.

English

59

21

143

125.4K

TruebitGod@TruebitGod·9 Oca

Attention all Truebit holders. Do not interact with the contract until @Truebitprotocol provide further information. What we know so far: malicious actors have exploited the OS reserve/mint functions and drained 8000+ Ethereum from the reserve. My friend Marcus has added a security incident page to his Tru Watch site: tru.watch/security-incid… Here you can track the flow of the funds and monitor the attacker's wallets. Currently, the 8000+ Eth stolen is sitting in two wallets. Please see the page. I hope you are all okay, this is the worst start to a year I have ever experienced. DM me if I can do anything for you.

QME

37

TruebitGod@TruebitGod·8 Oca

@Richarddd102 @Truebitprotocol We are adding everything we can find in real time.

English

3

415

Richard Jameshouse@Richarddd102·8 Oca

@TruebitGod @Truebitprotocol brilliant by marcus

English

0

1

452

TruebitGod@TruebitGod·8 Oca

Attention all Truebit holders. Do not interact with the contract until @Truebitprotocol provide further information. What we know so far: malicious actors have exploited the OS reserve/mint functions and drained 8000+ Ethereum from the reserve. My friend Marcus has added a security incident page to his Tru Watch site: tru.watch/security-incid… Here you can track the flow of the funds and monitor the attacker's wallets. Currently, the 8000+ Eth stolen is sitting in two wallets. Please see the page. I hope you are all okay, this is the worst start to a year I have ever experienced. DM me if I can do anything for you.

Truebit@Truebitprotocol

Today, we became aware of a security incident involving one or more malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We are in contact with law enforcement and taking all available measures to address the situation. We will share updates through our official channels as they become available.

English

10

8

38

7.1K

TruebitGod@TruebitGod·8 Oca

@0xLazloSoot @ddimitrovv22 Please see here - x.com/TruebitGod/sta…

Attention all Truebit holders. Do not interact with the contract until @Truebitprotocol provide further information. What we know so far: malicious actors have exploited the OS reserve/mint functions and drained 8000+ Ethereum from the reserve. My friend Marcus has added a security incident page to his Tru Watch site: tru.watch/security-incid… Here you can track the flow of the funds and monitor the attacker's wallets. Currently, the 8000+ Eth stolen is sitting in two wallets. Please see the page. I hope you are all okay, this is the worst start to a year I have ever experienced. DM me if I can do anything for you.

English