Futureswap
@futureswapx
Decentralized leverage trading
San Francisco, CA
Joined December 2019
We will be receiving the Arbitrum airdrop into our Safe (0xdB08917E0AE9075C6577B6a11d0bb78DfBc381e4) on behalf of our community.
What are the best exchanges defi protocols for getting leverage on mainnet?
To get started, go to https://t.co/OEvRxza5sL for the best leverage trading protocol on Ethereum.
Futureswap is a leverage trading platform with low fees and slippage designed for traders, and it's finally launched on Ethereum. We developed Futureswap from the ground up to give you control of your positions and a clear view of the market.
Our focus is on giving traders exposure to the most liquid markets, and by using the most liquid AMMs like Curve and @Uniswap we deliver a leverage trading experience that taps into the deepest liquidity pools on Ethereum.
Four days before the merge and Futureswap is launched on #Ethereum delivering the best leverage trading experience. Our first exchange pair will tap into @CurveFinance's $1.1B stETH pool, enabling traders 10x long/short exposure on stETH/ETH. Leverage The Merge.
7/ Being public with audits + source code—in addition to bug bounty programs—is important for crypto projects, and this is also why security and routine updates can't be rushed. ICYW, we use the best auditors in the space, and we publish audits with each of our protocol updates.
11/ 🔏 In our most recent security audit with leading experts @TrailofBits, there were no notable issues. Check here for more details:
6/ What was particularly painful about this hack, besides Nomad's recent high-profile fundraising rounds, is this was specifically noted in an audit report by @Quantstamp as an exploit opportunity. This could be where initial attackers discovered the critical vulnerability.
5/ Some white hat hackers who partook in the looting have kindly returned funds. Still, 90% of stolen funds remain unreturned. The aftermath from the largest attack of this kind is still ongoing.
Thank you to - 🍉🍉🍉.eth ($4m) - 0xE3F40743cc18fd45D475fAe149ce3ECC40aF68c3 ($3.4m) - darkfi.eth ($1.9m) - returner-of-beans.eth ($1m) - anime.eth ($900k) for returning a total of $11.2m to our recovery address! We’ve recovered a total of $16.6m so far.
4/ @nomadxyz_ is pursuing legal action in cooperation with law enforcement against looters who have not come forward to return pillaged assets. They've put forward a bug bounty for hackers who return at least 90% of stolen funds, in exchange for lawsuit immunity.
2/ Nomad is actively working with @trmlabs and law enforcement to recover funds from black hat hackers. The Nomad Bridge hack has an unprecedented amount of hackers with traceable information tied to their addresses. There will be consequences for these actors.
3/ The exploit spread rapidly as it was surprisingly simple. All anyone had to do was copy the original hacker's transaction calldata, replace the original address with their own or another, and the transaction would succeed. The plunder was near instant, taking only a few hours.
Initial analysis of the @nomadxyz_ exploit points to the processor contract not validating the received message payload.
2/ In short, a maintenance upgrade set the zero hash as a valid root, allowing messages to be spoofed on @nomadxyz_. Because the attacker(s)' methods were on-chain, others took note, abused this to copy/paste transactions, and quickly drained the bridge in a frenzied free-for-all.
10/ It turns out that during a routine upgrade, the Nomad team initialized the trusted root to be 0x00. To be clear, using zero values as initialization values is a common practice. Unfortunately, in this case it had a tiny side effect of auto-proving every message
1/ If you missed it, another major bridge hack happened earlier this week. The attack on @nomadxyz_ was the first decentralized crowd-looting of a nine-figure bridge in history. What was unique about this hack, and how did it happen? 🧵👇
Crypto Bridge Nomad Exploited for $190M in ‘Frenzied Free-for-All’ ► https://t.co/lXtjpSAad2
8/ Still, we need better secure options for laymen. Apple and Google should enable mobile wallets access to their respective secure enclave processors for generating safe keys. Until then, an external hardware wallet—set up correctly—is the most resilient option for self-custody.
@dizzanxietytho Fucking @apple and @google can give us secure signing and recovery in the device. f’ing hell
7/ For hot wallets you do use, make sure they're open-source (like leading hardware wallets). Man-in-the-middle logs from @MoonRankNFT show the mnemonic phrases being passed to Slope servers over POST requests. This is likely the key vulnerability, which could have been caught.
6/ The biggest takeaway for avoiding this scenario? Use a hardware wallet, as none were affected. Hot wallets like Slope should only hold what you're willing to lose. Hardware wallets also work with browser extensions like MetaMask, and some even have mobile apps for convenience.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
5/ While the exact execution details of the exploit are still unclear, @slope_finance released a statement regarding responsibility and next steps, including encouraging all users to immediately generate a new non-Slope wallet to transfer funds. Note the hardware wallet point. 🗝
Slope statement regarding the breach situation: https://t.co/IhSw4LSVOT