Fusion Optimizer suffers Arbitrum Vault vulnerability, IPOR initiates compensation plan

2026-01-07 02:42:12

【BitPush】The IPOR team discovered a security incident on January 6th — a vulnerability in the Arbitrum Vault of its USDC Fusion Optimizer product.

The incident involved a loss of approximately $336,000 USDC. The vulnerability targeted a specific version of the old Fusion Vault. Due to the vault’s unique configuration parameters, it became the only target susceptible to this type of attack. In the context of the entire Fusion ecosystem’s guarantee fund, this loss accounts for less than 1%.

Upon discovering the vulnerability, IPOR immediately activated its response plan: on one hand, collaborating with Security Alliance to track and recover the funds; on the other hand, IPOR DAO decided to allocate funds from the treasury to cover this shortfall. All affected depositors will receive 100% full compensation, ensuring that user assets are not lost as a result.

This incident also serves as a reminder to Web3 users about the importance of smart contract risk management — regular security audits and timely vulnerability response mechanisms are crucial for maintaining the stability of the DeFi ecosystem.

ARB1,84%

USDC0,02%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

24 Likes

Reward
24
8
Repost
Share

Comment

0/400

SignatureCollector

· 19h ago

36,000 USD is all? Less than 1% of the total, IPOR's response was quite quick this time --- The old version of the vault had issues again. When will they learn their lesson... --- Recovering funds sounds good, but I'm worried it might just be empty talk --- Fortunately, the losses weren't too big, or else there would be another liquidation wave --- Once again, Arbitrum's vault had problems. What's going on with this chain... --- Tracking by Security Alliance, this time it looks quite legitimate, thumbs up --- Are specific versions more vulnerable to attacks? Does that mean other versions are safe... Is that true? --- A vulnerability worth 336,000, luckily it was just the old vault, or else it would have been a huge loss --- IPOR's response speed is acceptable, no delays --- The compensation plan has been announced, much better than some projects

View OriginalReply0

BearMarketSurvivor

· 01-08 06:05

Another vault issue? These days, DeFi really can't hold up anymore. Old configuration parameters haven't been updated? How lazy can you be? $336,000 may not be a lot, but it's not insignificant either. Luckily, it's not a percentage that would be a disaster.

View OriginalReply0

VitalikFanAccount

· 01-07 03:11

336,000? Less than 1% actually. I'm curious to see how large the entire scale is...

View OriginalReply0

LiquidityWitch

· 01-07 03:04

ah, so IPOR got cursed by their own vault configuration... legacy code strikes again, always does. less than 1% of the ecosystem though? that's almost... underwhelming for a degen story ngl

Reply0

ForkPrince

· 01-07 02:48

336,000 gone, and still claiming it's less than 1%? Playing these numerical games is quite something. It's still the old version of pot... When will the project team finally shed these historical burdens? How high the recovery probability is depends on the methods of Security Alliance.

View OriginalReply0

VirtualRichDream

· 01-07 02:45

336,000 dollars lost, this is the daily life of Web3.

View OriginalReply0

YieldWhisperer

· 01-07 02:45

Yet again another explosion of issues. These days, vault vulnerabilities are as common as discounts at convenience stores. --- 33.6k? That's nothing. My losses from DeFi mining are even higher than that. --- Was the old version's configuration parameters set so absurdly? How did it become a honeypot for vulnerabilities? --- At least IPOR reacts quickly; otherwise, it would have been a bloodbath. --- Less than 1%? Sounds good, but it's all real money being lost. --- When will Web3 become more stable? Every week, I have to be on edge. --- How much can the Security Alliance recover? Usually, these things can't be fixed. --- I just want to know who can compensate me for my losses during the Luna crash... --- Why does Arbitrum keep having issues? Is there an inherent risk in the chain itself? --- Fast forward, and someone in the IPOR community is about to sue again, aha.

View OriginalReply0

HashRateHustler

· 01-07 02:43

$336,000 is all? Such a big ecosystem and no impact at all --- Old vaults are indeed a hidden danger; regular audits are necessary --- The response speed is pretty good, much better than some projects --- It's another Arbitrum issue; layer2 security really needs more attention --- Recovering funds is the key; how will it be handled afterward? --- Less than 1% is okay; I was startled, thought it was a major incident --- It was about time to eliminate those old configurations; lessons must be learned this time --- Is partnering with Security Alliance reliable? How was it before? --- Fortunately, the issue was discovered quickly; delaying by a day could have had different consequences --- Just want to know what the compensation plan is—insurance or direct reimbursement

View OriginalReply0