🚀 Evoq Finance Suffers $420,000 Loss in BNB Chain Smart Contract Attack
#EvoqFinance #BNBChain #SmartContractAttack #SecurityBreach #OwnershipTransfer #TransferOwnership #ProxyUpgrade #DrainingFunds #TokenApprovals #MultiSignature #KeyRotation #0xF9C74A65B04C73B911879DB0131616C556A626bE #0xF08d1c #0x7b416F
According to PANews, Evoq Finance's smart contract on the BNB Chain was compromised, resulting in a significant security breach. The attacker managed to steal the owner's account, transferring ownership to themselves and subsequently upgrading the contract to a malicious version. This led to the theft of approximately $420,000 from the protocol and user approvals.
Users are advised to immediately revoke token approvals for the contract at address 0xF9C74A65B04C73B911879DB0131616C556A626bE to prevent further losses. The project team is urged to implement multi-signature protection and regular key rotation to safeguard high-privilege accounts.
The attack overview indicates that the perpetrator likely obtained the private key of the owner's account (0xF08d1c) and used the transferOwnership function to shift ownership to their address (0x7b416F). They then upgraded the proxy contract, draining funds from both the contract and approved user accounts.#EvoqFinance #BNBChain #SmartContractAttack #SecurityBreach #OwnershipTransfer #TransferOwnership #ProxyUpgrade #DrainingFunds #TokenApprovals #MultiSignature #KeyRotation #0xF9C74A65B04C73B911879DB0131616C556A626bE #0xF08d1c #0x7b416F
🚀 Request Finance Security Breach Affects Single User
#RequestFinance #SecurityBreach #FrontEndAttack #SmartContractAttack #USDC #DeFiSecurity #BlockchainSecurity #Web3Security #IncidentResponse #Monitoring
According to Foresight News, a security breach at the integrated financial platform Request Finance has impacted only one user. On September 10, an attacker infiltrated the front-end system of Request Finance, injecting authorization commands into a contract that appeared identical in name, address, partial ABI interface, and recent activity. As a result, the affected user not only transferred funds to the legitimate contract but also inadvertently authorized the contract to consume an unlimited amount of USDC. In response, the team has implemented additional protective measures and monitoring systems to prevent future incidents.#RequestFinance #SecurityBreach #FrontEndAttack #SmartContractAttack #USDC #DeFiSecurity #BlockchainSecurity #Web3Security #IncidentResponse #Monitoring
🚀 Futureswap Contract on Arbitrum Faces Reentrancy Attack
#Arbitrum #Futureswap #ReentrancyAttack #BlockchainSecurity #CryptoVulnerability #LPtokens #SmartContractAttack #CryptoLoss
According to Foresight News, BlockSec Phalcon has reported that the Futureswap contract on Arbitrum has been attacked again, resulting in an estimated loss of approximately $74,000. Although the financial impact is relatively minor, the incident has highlighted a new vulnerability: a reentrancy flaw. The attacker exploited this flaw through a two-step process involving a three-day cooling period to steal funds from the protocol.
In the first step, during the minting phase, the attacker took advantage of the reentrancy vulnerability by re-entering the 0x5308fcb1 function before the contract could update its internal records. This allowed the attacker to mint a large number of LP tokens disproportionate to the actual assets deposited.
In the second step, after the mandatory three-day withdrawal cooling period, the attacker executed a withdrawal, burning the illegally minted LP tokens to redeem the underlying collateral. This effectively enabled the attacker to extract assets from the protocol and secure a profit.#Arbitrum #Futureswap #ReentrancyAttack #BlockchainSecurity #CryptoVulnerability #LPtokens #SmartContractAttack #CryptoLoss