Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The FutureSwap protocol deployed on Arbitrum was exploited again via a reentrancy vulnerability, following its first attack four days ago, resulting in a loss of approximately $74,000. The attacker had previously abused the reentrancy function 0x5308fcb1 three days earlier to over-mint LP tokens, and after the cooldown period expired, redeemed the excess collateralized assets to realize profit. Attack method (per SlowMist): Reentrancy Attack. Reported loss: $ 74,000.
- chain
- arbitrum
- protocol
- FutureSwap
- bug_class
- reentrancy
- date_occurred
- 2026-01-14
- loss_usd
- $74,000
- source_id
- sm:futureswap::2026-01-14