GoPlus: Evoq Finance contract attacked, resulting in a loss of approximately $420,000

ChainCatcher news, according to GoPlus Security monitoring, the smart contract of Evoq Finance on the BNB Chain has been attacked. The attacker stole the owner's account, transferred ownership to themselves, and then upgraded the contract to a malicious version, stealing approximately $420,000 from the protocol and user approvals.

Users should immediately revoke token approvals for contract 0xF9C74A65B04C73B911879DB0131616C556A626bE to prevent further losses. The project team should be aware of using multi-signature and regular key rotation to protect high-privilege accounts. Attack overview: The attacker seems to have stolen the private key of the owner's account (0xF08d1c) and used transferOwnership to transfer ownership to their address (0x7b416F). They then upgraded the proxy contract, draining funds from the contract and approved user accounts.