How much was lost in the ATM Token hack?

The ATM Token hack resulted in $244K in losses on June 04, 2026.

What attack technique was used in the ATM Token exploit?

The ATM Token exploit utilized Other. Understanding this attack vector is critical for smart contract auditors and developers building secure DeFi protocols.

How can developers prevent similar smart contract attacks?

Preventing smart contract hacks requires a combination of secure coding practices, thorough security audits, and understanding common attack vectors like reentrancy, oracle manipulation, and access control flaws. Smart Contract Hacking (SCH) provides hands-on training to help developers and auditors identify and prevent vulnerabilities before deployment.

ATM Token Hack

TOTAL LOST $244K

Low Jun 04, 2026 Other

Affected Chain 2026 Incident surface

Recovered - No recovery reported

All-Time Rank #1197 By amount stolen

Protocol Type Exploit/Other Target category

Incident Overview

Quick Summary

On June 4, 2026, the ATM token protocol on the BNB Chain was exploited for approximately $243,500 due to a fatal logic flaw in its custom transfer function mechanism.

Details of the Exploit

The core vulnerability resided within the protocol's customized transferFrom() function logic. The contract was engineered with an embedded taxation mechanic designed to automatically route and convert approximately 20% of the transferred transaction amounts into BSC-USD (wrapped USDT/USDC on BNB Chain). However, the contract lacked sufficient operational checks and balance-state validation during the internal swap execution path.

By leveraging this flaw, the attacker executed a sequence of repetitive, cyclical token transfers. Each automated iteration forced the smart contract to interact with its market liquidity pair, extracting BSC-USD and transferring it out of the protocol's reserves to satisfy the faulty reward or burn calculation. By looping this permissionless transfer sequence, the attacker incrementally bled the contract's treasury, netting roughly $243,500 before swapping the proceeds and completing the exploit.

Block Data Reference

Attack Transaction: 0x37b90a33…dcfd86

Incident Report

Protocol / Project ATM Token

Date of Incident June 04, 2026

Attack Technique Other

Classification Token

Primary Source View Post-Mortem

Protocol Information

Protocol Type Exploit/Other

Official Website slamtoken.com/

Protocol Twitter/X @slamtoken

Team Anonymous

Source Code Unverified

Market Context at Time of Hack

Token Categories

Gambling [Deprecated] BNB Smart Chain -> BNB Chain Eco

Protocol Links

GitHub

What the Attacker Needed to Succeed

Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.

Technical Knowledge Deep understanding of other and Solidity and EVM internals

Capital Required Seed capital to cover gas and initial position setup

On-Chain Access Ability to interact with smart contracts and deploy a custom exploit contract

Protocol Analysis Identification of the exploitable vulnerability in ATM Token's contract logic - root cause: token

Execution Speed Precise transaction ordering and timing to exploit the vulnerability within a single atomic block

Obfuscation Plan A strategy to launder and move stolen funds - typically through mixers, cross-chain bridges, or decentralized DEX swaps to resist tracing

What Auditors Should Check

Could this have been caught in audit? Likely — with a thorough Other audit checklist and test coverage

If you're auditing a protocol with similar architecture to ATM Token, these are the critical security checks that could have prevented this incident (June 2026).

Verify all logic paths related to Other are guarded by proper access controls and input validation
Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs

Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.

Free Trial

Proof-of-Concept Exploits

1 PoC available

poc-exploits - atm token

$ ATM Token Hidden transferFrom Auto-Swap Drain

On-Chain Evidence & References

Reference https://hacked.slowmist.io

Sources & References

01
Source 1 https://x.com/TenArmorAlert/status/2062351507056460166

Threat Assessment

Severity Level

LOW

Attack Vector Other
Root Cause Token
Year 2026

Learn to Prevent the Next ATM Token

The ATM Token hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.

Start Free Trial Browse Attack Library