Evoq Finance contract was attacked and lost about $420,000

According to ChainCatcher, according to GoPlus Security monitoring, Evoq Finance's smart contract on BNB Chain was attacked. The attacker stole the owner's account, transferred ownership to himself, and then upgraded the contract to a malicious version, stealing about $420,000 from the agreement and user approval. Users need to immediately revoke the token approval of contract 0xF9C74A65B04C73B911879DB0131616C556A626bE to prevent further losses. Project parties should pay attention to using multiple signatures and regular key rotation to protect high-permission accounts. Attack Overview: The attacker appears to have stolen the private key of the owner's account (0xF08d1c) and transferred ownership to its address (0x7b416F) using transferOwnership. Then upgrade the agent contract and drain the funds from the contract and approved user accounts. .