A recent spate of hacks has put older decentralized finance (DeFi) platforms squarely in the crosshairs.
During the 2020-2022 DeFi boom, the likes of Ribbon Finance, Rari Capital and Yearn were household names across the sector.
Nevertheless, contracts from all three projects were hacked in December, prompting speculation that blackhats may be reassessing forgotten code with the help of AI.
The campaign apparently shows no signs of slowing down. A further two projects have now lost $27 million between them, over the course of three incidents.
Truebit: $26M infinite mint
On Thursday, “verification layer” Truebit suffered the year’s first major hack.
The affected contract contained an integer-overflow vulnerability that allowed the hacker to mint an unlimited amount of TRU tokens.
These were then burned, the hacker withdrew 8,535 ether (ETH) worth $26 million, and the TRU price plummeted to zero.
Today, we became aware of a security incident involving a number of malicious actors. The affected smart contract is 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 and we strongly advise the public not to interact with this contract until further notice. We’re in contact with law…
— Truebit (@Truebitprotocol) January 8, 2026
The code had been vulnerable since launch, almost five years ago. Given that the contract once held almost 44,000 ETH (worth $140 million), the damage could have been far worse.
Afterwards, on-chain bots replicated the attack, with one security researcher commenting that “fuzzing bots are eating this up like piranhas.”
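To make the bug class concrete, here is an added illustration that is not Truebit’s code (the article does not show the affected contract): a hypothetical token model with EVM-style wrapping arithmetic next to the checked form that Solidity 0.8+ or SafeMath enforces, plus the supply invariant a monitor would use to spot a wrapped balance. The names LegacyToken, CheckedToken, alice and bob are assumptions.

```python
# Hypothetical model of the integer-overflow class, not any real contract.
MASK = (1 << 256) - 1  # EVM uint256 arithmetic is modulo 2**256


class LegacyToken:
    """Pre-Solidity-0.8 semantics: add/sub wrap silently, no range checks."""

    def __init__(self):
        self.total_supply = 0
        self.balances = {}

    def mint(self, to, amount):
        self.total_supply = (self.total_supply + amount) & MASK
        self.balances[to] = (self.balances.get(to, 0) + amount) & MASK

    def burn(self, holder, amount):
        # Missing require(balance >= amount): 0 - 1 wraps to 2**256 - 1,
        # which is how an "unlimited mint" can fall out of a burn path.
        self.balances[holder] = (self.balances.get(holder, 0) - amount) & MASK
        self.total_supply = (self.total_supply - amount) & MASK


class CheckedToken(LegacyToken):
    """Solidity 0.8+ / SafeMath semantics: out-of-range arithmetic reverts."""

    def mint(self, to, amount):
        if self.total_supply + amount > MASK:
            raise OverflowError("totalSupply overflow")
        super().mint(to, amount)

    def burn(self, holder, amount):
        if self.balances.get(holder, 0) < amount:
            raise ArithmeticError("burn exceeds balance")
        super().burn(holder, amount)


def supply_invariant_holds(token):
    """Monitor check over unbounded ints: no balance exceeds totalSupply and
    all balances sum to it. Sums taken mod 2**256 would still agree after a
    wrap, which is why the per-balance bound matters."""
    bals = list(token.balances.values())
    return all(b <= token.total_supply for b in bals) and sum(bals) == token.total_supply


def demo(cls):
    """Mint 100 to alice, then bob burns 1 he never held.
    Returns (invariant_ok, bob_balance, reverted)."""
    t = cls()
    t.mint("alice", 100)
    try:
        t.burn("bob", 1)
    except ArithmeticError:  # OverflowError is a subclass of ArithmeticError
        return supply_invariant_holds(t), t.balances.get("bob", 0), True
    return supply_invariant_holds(t), t.balances.get("bob", 0), False
```

Running demo(LegacyToken) leaves bob holding 2**256 - 1 tokens with the invariant broken, while demo(CheckedToken) reverts and leaves the ledger intact.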
Futureswap: double trouble
Earlier today, a second attack hit Futureswap, a seemingly abandoned leveraged trading platform on Arbitrum.
As flagged by Decurity, the unverified contract lost just over $400,000, bringing the total extracted from the project to around $1 million in the past month.
Futureswap had previously been hit by a governance attack in December, in which at least $550,000 was estimated to have been lost.
The attacker submitted a malicious proposal before voting for it with tokens temporarily borrowed via a “flash loan.”
‘It’s going to keep happening’
Pseudonymous ex-Yearn security researcher storming0x, who had previously highlighted the pattern of an attacker “specifically targeting legacy contracts,” again called for DeFi teams to reassess their old code.
They suggest that teams “either deprecate/sunset or reaudit” legacy contracts and “implement preventive actions” to protect users. Users, for their part, should “withdraw from old contracts.”
“It’s going to keep happening,” they warn.
