ATM token was exploited for about $243,000 after an attacker abused custom logic inside the token’s transferFrom()function. The affected transfer function included a mechanism that swapped 20% of the transferred ATM amount into BSC-USD. The attacker repeatedly triggered that behavior, allowing extra value to be swapped out through the token’s own transfer flow.