Today in crypto: SlowMist identified a smart-contract overflow bug as the culprit behind a $26 million exploit of the Truebit protocol, US Senators Cynthia Lummis and Ron Wyden introduced legislation to ensure blockchain developers are exempt from money transmitter regulations, and World Liberty Financial has entered the crypto lending market.
Truebit exploit exposes smart-contract flaw behind $26 million token mint
A $26 million exploit of the offline computation protocol Truebit stemmed from a smart-contract flaw that allowed an attacker to mint tokens at near-zero cost, highlighting persistent security risks even in long-running blockchain projects.
Truebit suffered the $26 million exploit that resulted in a 99% crash for the Truebit (TRU) token, Cointelegraph reported on Friday.
The attacker abused a loophole in the protocol’s smart-contract logic, which enabled them to mint “massive amounts of tokens without paying any ETH,” according to blockchain security company SlowMist, which published a post-mortem analysis on Tuesday.
“Due to a lack of overflow protection in an integer addition operation, the Purchase contract of Truebit Protocol produced an incorrect result when calculating the amount of ETH required to mint TRU tokens,” SlowMist said.
The smart contract’s price calculations were then “erroneously reduced to zero,” enabling the attacker to drain the contract’s reserves by minting $26 million worth of tokens “at nearly no cost,” the post mortem said.
Since the contract was compiled with Solidity 0.6.10, the prior version didn't include built-in overflow checks, which caused calculations exceeding the maximum value of “uint256” to result in a “silent overflow,” causing the result to “wrap around a small value near zero.”
Senators pitch bill to lock in protections for crypto developers
US Senators Cynthia Lummis and Ron Wyden have introduced standalone legislation to ensure that blockchain developers and service providers who don’t directly handle user funds are exempt from money transmitter regulations.
The Blockchain Regulatory Certainty Act (BRCA), introduced by Lummis and Wyden on Monday, aims to clarify that writing software or maintaining networks doesn’t trigger federal or state money-transfer requirements.
There have been mounting concerns among crypto developers about being held criminally liable for the way people choose to use their software.
Last year, Tornado Cash co-founders Roman Storm and Alexey Pertsev were found guilty of operating an unlicensed money-transmitting business in connection with the mixing protocol.
Lummis said in a statement that the bill aims to provide developers with the clarity needed to “build the future of digital finance without fear of prosecution for activities that pose no money laundering risk,” as regulatory uncertainty under the current law has “driven innovation offshore and subjected them to conflicting state regulations.”
Trump-linked World Liberty brings $3.4 billion stablecoin into crypto lending markets
World Liberty Financial, a decentralized finance project linked to the family of US President Donald Trump, has entered the cryptocurrency lending market, highlighting renewed interest in onchain credit as regulatory clarity improves.
The new product, called World Liberty Markets, launched on Monday and allows users to borrow and lend digital assets, according to a Bloomberg report. The platform is built around USD1, World Liberty’s US dollar–backed stablecoin, alongside its governance token, WLFI.
Users can post collateral, including Ether (ETH), a tokenized version of Bitcoin (BTC) and major stablecoins such as USD Coin (USDC) and Tether (USDT). The platform is designed to support both lending and borrowing activity within a single onchain marketplace.
World Liberty co-founder Zak Folkman told Bloomberg that additional collateral types will be added over time, potentially including tokenized real-world assets (RWAs). He also said the company is exploring partnerships with prediction markets, cryptocurrency exchanges and real estate platforms.
The lending rollout follows World Liberty’s recent application for a national trust bank charter with the US Office of the Comptroller of the Currency. The company has said the charter would support broader adoption of USD1, which is already being used for cross-border payments and treasury operations.
