9 hours ago
1745
Decentralized leverage trading platform on Arbitrum, Futureswap, has reportedly lost around $395,000 in a suspected exploit, according to blockchain security firm BlockSec, extending an unwanted streak of Arbitrum-based DeFi casualties to start 2026.
The incident is the latest breach to affect a DeFi protocol on the Arbitrum network in 2026, with only ten days into the year.
The news first broke when Phalcon, BlockSec’s threat detection platform disclosed on X that it had detected suspicious transactions targeting Futureswap’s contract.
The security firm said it had attempted to contact the team but had received no response at the time of publication. For context, the project’s X account last posted in 2022.
According to Phalcon, “The attacker appears to have drained funds through multiple changePosition operations, eventually withdrawing a large amount of USDC.”
It also added, “Since the contract is not open-sourced, the exact root cause still requires further investigation.”
ALERT! Our system detected a suspicious transaction targeting @futureswapx’s contract on #Arbitrum a few hours ago, resulting in an estimated loss of ~$395K. We have attempted to contact the team, but have not received a response so far.
The attacker appears to have drained… pic.twitter.com/SD5CUCfA8h
— BlockSec Phalcon (@Phalcon_xyz) January 10, 2026
How did Futureswap get hacked?
BlockSec analyzed the on-chain behavior and stated that it suspects “the incident may be related to unexpected stableBalance accounting changes during earlier position updates, which later allowed USDC to be released when removing collateral.”
A few days earlier, on January 5, Cryptopolitan reported that two Arbitrum projects lost $1.5 million in smart contract access attacks. USD Gambit and TLP, both launched by the same deployer, suffered unauthorized withdrawals after an attacker gained admin access and replaced smart contracts with malicious versions.
According to blockchain security firm Cyvers Alert, preliminary analysis shows that the single deployer may have lost access to their account. “The attacker then deployed a new contract and updated the ProxyAdmin privileges to gain control,” Cyvers Alert stated.
The stolen funds were later bridged to the Ethereum network and deposited into Tornado Cash.
Are hackers targeting Arbitrum?
Arbitrum’s name has come up a lot in the 2026 DeFi hacks reported so far. In early January, TMX Tribe suffered a $1.4 million exploit, while the IPOR Fusion USDC vault lost $336,000 through a legacy contract vulnerability, though the DAO pledged full user reimbursement.
Security researchers have noted that recent attacks follow a similar pattern that has been linked to North Korean state-sponsored hackers, who predominantly use Tornado Cash to launder funds. The attackers have learned to move quickly to swap and mix stolen funds almost immediately to avoid address blacklisting.
These breaches typically target high-liquidity ecosystems because that way, the exploiters maximize their chances of major hauls. According to Defillama, Arbitrum holds over $3 billion across DeFi protocols on the platform, and it has never been far from the number one spot among Ethereum L2s in terms of TVL since it launched in 2021.
Another common theme among recent hacks has been that they typically go for older smart contracts still holding liquidity.
In July 2025, Cryptopolitan reported that the Arbitrum Foundation rolled out a $14 million war chest via the Arbitrum Audit Program to support native projects by subsidizing their smart contract audits.
Exploit loot is quickly rerouted through mixers
The fourth quarter of 2025 saw a spike in Tornado Cash deposits, with the mixer now holding a record value locked from both new hacks and older exploits. The platform contains more than 338,000 ETH, which is more than its 2021 peak. Mixers like Railgun have also experienced an uptick in activity at the end of 2025.
The attacks have primarily targeted relatively obscure projects based on what analysts have observed. USD Gambit, for instance, points to a singular exchange being phased out in the coming weeks. Despite launching in 2023, the project did not benefit from the recovery of DeFi and perpetual futures trading, making it an easier target with less security oversight.
If you're reading this, you’re already ahead. Stay there with our newsletter.
English (US)