BlockBeats News, January 26th, BlockSec Phalcon posted that a few hours ago a series of suspicious transactions were detected, targeting a contract deployed by two creators, involving Ethereum, Arbitrum, Base, and BSC, with a total loss exceeding $17 million.
These attacked contracts were not open-source and seem to have arbitrary call capabilities. The attacker exploited existing token allowances to transfer and drain the contract’s assets by executing transferFrom.
Affected contract deployers:
0xbeef63AE5a2102506e8a352a5bB32aA8B30B3112, with a loss of approximately $3.67 million; 0x9cb8d9BaE84830b7f5F11ee5048c04a80b8514BA, with a loss of approximately $13.41 million.
