Arbitrum, an Ethereum L2 scaling solution, has recently undergone a staggering exploit. In this respect, the exploiter has drained a total of $395K from Arbitrum while targeting the Futureswap smart contract. As per the data from BlockSec Phalcon, the exploiter carried out a sequence of diverse operations, including $USDC transfers and flash loans. Hence, the respective exploit has raised fear among the users regarding further imminent losses.

ALERT! Our system detected a suspicious transaction targeting @futureswapx’s contract on #Arbitrum a few hours ago, resulting in an estimated loss of ~$395K. We have attempted to contact the team, but have not received a response so far.

The attacker appears to have drained… pic.twitter.com/YPf4vYEqIJ

Based on the on-chain data, a cumulative $395,000 has left Arbitrum in an exploit focusing on its Futureswap smart contract. Particularly, the incident comprised a complex series of diverse operations like $USDC transactions and flash loans. Additionally, the exploit seems to have utilized diverse “changePosition” calls, finally enabling the exploiter to extract a notable $USDC amount.

The transfer trace started with the attacker’s “flashLoanSimple” call, requesting 500B $USDC units to Pool V3 of Aave. This triggered a sequence of different delegate calls via “FlashLoanLogic” and “L2PoolInstance.” Hence, this transferred the funds to the exploiter’s contract. Following that, the attacker executed the “executeOperation” call, getting the $USDC loan, apart from a premium of nearly 250M units. The respective exploit has reportedly stemmed from some unexpected shifts in “stableBalance” accounting that took place during former position updates.

According to BlockSec Phalcon, the respective flaw may have permitted the exploiter to circumvent collateral restrictions as well as extract $USDC while removing positions. At the moment, the Futureswap team is anticipated to release a public statement addressing the incident. The development highlights the significance of strict accounting protections and transparent contract infrastructure in DeFi platforms. Overall, the investigations are underway to come up with suitable updates for likely remedies.

259 +