Evoq Finance contract was attacked and lost about $420,000

According to Bijie.com, on September 10, GoPlus Security monitored an attack on the Evoq Finance smart contract on BNB Chain. The attacker hacked into the owner's account, transferred ownership to himself, and then upgraded the contract to a malicious version, stealing about $420,000 from the protocol and user authorization. It is strongly recommended that users immediately revoke the token authorization of the contract 0xF9C74A65B04C73B911879DB0131616C556A626bE to prevent further losses. Project owners are advised to use multi-signature and periodic key rotation to protect high-privilege accounts. Attack Overview: The attacker appears to have stolen the private key of the owner's account (0xF08d1c) and used transferOwnership to transfer ownership to its address (0x7b416F). They then upgraded their proxy contracts, exhausting funds from the contract and approved user accounts.