2026-01-10 17:37:10

The decentralized trading protocol Futureswap on the Arbitrum chain was attacked in the past few hours, resulting in a loss of approximately $395,000. According to on-chain data monitoring, the attacker repeatedly called the changePosition operation to deplete the liquidity funds in the contract, then withdrew a large amount of USDC tokens.

Since Futureswap's contract code has not yet been open-sourced publicly, it is currently difficult to accurately identify the specific cause of the vulnerability. However, preliminary analysis suggests that this attack was likely caused by an unexpected situation occurring during position updates. The security team is continuing to investigate the details of the incident to determine whether it was due to a contract logic flaw or other factors.

This also serves as a reminder for DeFi users to exercise caution when choosing trading platforms, especially emerging protocols or those that have not undergone thorough audits.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

4 Likes

Reward
4
6
Repost
Share

Comment

0/400

WalletDetective

· 6h ago

Another unverified protocol... $395,000 just gone like that, the changePosition operation was a bit reckless. They don't even open-source the code but still dare to go live, it's really frustrating. Why are there so many issues with the Arbitrum chain lately? If you ask me, this is exactly why you should choose audited major protocols. New projects are really too risky to bet on.

View OriginalReply0

ChainSauceMaster

· 13h ago

Not open source and still dare to go live? That's gambling on luck. --- Another un-audited protocol, $395,000 just gone like that, so heartbreaking. --- Repeatedly calling changePosition to drain liquidity? This contract design is a bit outrageous. --- I told you to carefully check new token protocols before playing, and this time it was validated again. --- Not open source code and still attacked, this is just inviting trouble. --- Something fishy on Arbitrum again, forget it, I better stay cautious. --- Is it a logical flaw in the contract or what? When will the investigation report be released? --- Bug in position update? Feels like the entire protocol needs a thorough review. --- Daring to create a trading protocol without sufficient auditing, really brave. --- Another lesson learned: when choosing a platform, you must check whether the code is open source. --- $395,000 just vanished like that, this incident needs a thorough review.

View OriginalReply0

MEVictim

· 13h ago

Not open source code and daring to go live? Are you looking for trouble... $395,000 USD, really speechless --- It's another changePosition... It seems like this kind of vulnerability appears every few months, can't learn, everyone --- New protocols should be avoided, otherwise everyone has learned the painful lesson --- Repeatedly draining liquidity with such low-level operations, where is the audit --- I just want to know how the LPs of Futureswap are feeling now... a direct wipeout --- Open source isn't reliable, locking the code is even more dangerous, this logic makes sense

View OriginalReply0

VitalikFanAccount

· 13h ago

Once again, unverified contracts causing trouble, $395,000 just gone... Can repeatedly calling changePosition drain liquidity? What a ridiculous logical loophole. New protocols really need to be cautious; playing without audits is like gambling with your life. These kinds of incidents happen every week; why are people still willing to pour money in? Not open-sourcing the code—why should anyone trust it? That's just nonsense. Another tuition fee paid; DeFi is just a trial-and-error machine. The position update part definitely has major issues; being arbitraged like this is too outrageous. I'm just saying small platforms are risky, and some people still want to try the yields of new protocols... Arbitrum is under attack again; how come this chain keeps having issues? Unverified contracts are equivalent to suicidal investments—nothing more to say.

View OriginalReply0

FlashLoanKing

· 13h ago

Another one. Can repeatedly calling changePosition drain the pool? This contract must be very fragile... $395,000 just disappeared like that, indicating it was never properly audited.

View OriginalReply0

WhaleWatcher

· 14h ago

It's the fault of another unverified protocol, losing $395,000 just like that. Feels like the same old tricks. Refusing to open source and still letting people play? These days, you really need to be more cautious. Repeatedly calling changePosition to drain liquidity—this tactic... is quite something. Not open-sourcing the code is a ticking time bomb, waiting to be blown up. Another emerging protocol crashes scene. I wonder why so many people still dare to go all in. Only $395,000? This scale isn't big in DeFi, but it's enough to be scary. If I had known it would turn out like this, why didn't I get an audit earlier? To avoid firefighting now.

View OriginalReply0