At least $26 million in crypto stolen from Truebit platform as crypto crime landscape evolves

Hackers stole more than $26 million worth of cryptocurrency from the Truebit platform on Thursday, marking the first major crypto hack of 2026.

The company said in a statement that it became aware of a security incident “involving one or more malicious actors.”

“We are in contact with law enforcement and taking all available measures to address the situation,” Truebit said, urging people not to interact with the smart contract that had been affected by the attack. 

Multiple blockchain security companies tracked 8,535 ETH coins taken from Truebit, amounting to $26.44 million.

The Delaware-based company says it provides infrastructure for tokens, handling costly computations on behalf of other digital assets. 

The theft continues a trend from the last two years, when hackers stole billions worth of cryptocurrency from both platforms and asset owners. 

Chainalysis tracked more than $3.4 billion worth of stolen cryptocurrency in 2025, with $2 billion being stolen by hackers connected to the government of North Korea. That figure was nearly identical to the $3.1 billion worth of cryptocurrency stolen in 2024.

As news of the Truebit incident broke, Chainalysis published a new report on Thursday that warned of increasing professionalization of the crypto crime landscape, noting that illicit organizations “now operate large-scale on-chain infrastructure to help transnational criminal networks procure goods and services and launder their ill-gotten crypto.”

The blockchain company said illicit cryptocurrency addresses received at least $154 billion in 2025, a 162% increase year-over-year. Illicit addresses are typically controlled by cybercriminals, ransomware gangs and sanctioned entities. 

Chainalysis head of national security intelligence Andrew Fierman told Recorded Future News that of the $154 billion, $104 billion went to sanctioned entities. 

Fierman explained that both legitimately acquired and illicitly obtained cryptocurrency are increasingly becoming an avenue for countries like North Korea to circumvent sanctions, avoid localized hyperinflation and get around the lack of access to traditional banking institutions.

“Cryptocurrency, especially stablecoins happen to be one of those avenues, given they’re borderless, have low volatility, and generally have broad utility,” he said. 

Chainalysis spotlighted the evolution of Chinese cryptocurrency and money laundering networks. 

They have been able to operate in jurisdictions with little regulatory oversight and Fierman noted that the scale at which they operate “indicate[s] these are significant organized criminal networks with large swaths of money, and now cryptocurrency integrated into their already expansive laundering networks for illicit activities executed both on, and off the blockchain.”

One of the key platforms is Huione, a Cambodia-based site used to launder and move billions in funds obtained through crypto thefts, cybercrime and pig butchering scams. U.S. officials sanctioned the platform last year and the company announced that it would stop processing user withdrawals in December. 

According to Fierman, on-chain activity indicates that the platform has stopped processing withdrawals. But he warned that it is still unclear whether the company will simply rebrand or if it is actually shutting its doors. 

“Various other Chinese language guarantee services similar to Huione have taken on a portion of the volumes for advertisements of illicit activity, including the sale of scam technology, as well as money laundering services,” he said. 

“However, the underlying Chinese money laundering networks (CMLNs) are platform agnostic, and operate across multiple platforms in order to expand their reach in offering their laundering services.”


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
