BlockSec: Two blockchain developers attacked; contract vulnerability causes $17 million in losses.

Hours ago, a series of suspicious transactions targeting victim contracts deployed on Ethereum, Arbitrum, Base, and BSC were discovered. These transactions, originating from contracts deployed by two creators, resulted in a total loss exceeding $17 million. The victim contracts were not open source and appear to contain an arbitrary call vulnerability. The attackers abused existing token authorization to execute transferFrom operations to steal assets.