BlockSec: SwapNet and Aperture Finance Contracts Hacked, Loss Exceeds $17 Million, Attacker Exploits Permission Flaw to Transfer Assets

BlockBeats News, January 26th, BlockSec Phalcon announced that a few hours ago a series of suspicious transactions were detected, targeting a contract deployed by two creators, involving Ethereum, Arbitrum, Base, and BSC, with a total loss exceeding $17 million.

These attacked contracts were not open source and appear to have arbitrary call capabilities. The attacker exploited existing token allowances to transfer and drain the contract's assets by executing transferFrom.

Affected contract deployers:

0xbeef63AE5a2102506e8a352a5bB32aA8B30B3112, with a loss of approximately $3.67 million, which is associated with or related to Aperture Finance;

0x9cb8d9BaE84830b7f5F11ee5048c04a80b8514BA, with a loss of approximately $13.41 million, which is associated with or related to SwapNet.