Decentralized trading protocol Futureswap on the Arbitrum network recently suffered a major security incident. According to on-chain data monitoring, the protocol's contract was exploited a few hours ago, resulting in an estimated $395,000 in direct funds loss.

The attacker’s method was highly targeted — by repeatedly calling the changePosition operation to deplete the contract’s liquidity pool, ultimately successfully extracting a large amount of USDC tokens. This series of actions indicates that the attacker has an in-depth understanding of the protocol’s mechanism.

Currently, Futureswap’s contract code has not been made public, which complicates the process of tracing the root cause of the vulnerability. The security team is conducting an in-depth investigation, with preliminary speculation that the incident may be related to an unexpected logical flaw during the position data update process — for example, under certain operation sequences, the contract’s fund verification mechanism might have a vulnerability.

This incident serves as a reminder to users: even well-known DeFi protocols require high caution, and security audits of emerging trading contracts are crucial. Users are advised to thoroughly understand the open-source status of the code and the progress of security reviews before participating in similar protocols.