BlockSec: Two blockchain developers attacked, contract vulnerability leads to $17 million loss

PANews, January 26 — According to monitoring by BlockSec Phalcon, a series of suspicious transactions targeting victim contracts deployed on Ethereum, Arbitrum, Base, and BSC were detected several hours ago. These contracts, deployed by two creators, were attacked, resulting in total losses exceeding $17 million. The victim contracts are not open source and appear to have a vulnerability that allows arbitrary function calls. The attackers abused existing token approvals to execute transferFrom operations and steal assets.

Affected deployers:

• 0xbeef63AE5a2102506e8a352a5bB32aA8B30B3112 — loss of approximately $3.67 million;
• 0x9cb8d9BaE84830b7F5F11ee5048c04a80b8514BA — loss of approximately $13.41 million.