Brinc Finance was attacked due to suspected private key compromise, resulting in the loss of 290 ETH (~ $1.1 million)
BEOSIN Eagle-Eye detected that Brinc Finance was attacked due to private key compromise, resulting in the loss of 290 ETH (~ $1.1 million).
Brinc Finance confirmed on its official Twitter that it was attacked.
Attacked Contracts: 0x1eC83036A1dbbd6e001bb216e31b8A259ebd8f3D
The attacker gained owner privileges on the contract through transferOwnership, then used the contract's rescueTokens function to withdraw 14,308,348.652417053293895952 staked BRC and 3,202,933.299761877660655215 gBRC, which were then swapped for 290 ETH.
Security summary:
1. The rescueTokens function has too much authority. Generally speaking, this function should only extract other tokens sent to the contract by mistake, not staked tokens and reward tokens.
2. Project teams need to store private keys securely to prevent loss.
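The first point in the summary, shown as an added example (this is not Brinc Finance's contract code): an unrestricted owner-only rescue function beside one that refuses to touch staked or reward tokens. Every name except rescueTokens and transferOwnership is an assumption, including the function signature, the contract layout and the totalStaked accounting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed by this example.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical staking contract written for illustration only.
contract StakingRescueExample {
    address public owner;
    IERC20 public immutable stakingToken; // token users deposit (assumed name)
    IERC20 public immutable rewardToken;  // token paid as rewards (assumed name)
    uint256 public totalStaked;           // maintained by stake/unstake (omitted)

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(IERC20 staking_, IERC20 reward_) {
        owner = msg.sender;
        stakingToken = staking_;
        rewardToken = reward_;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero owner");
        owner = newOwner;
    }

    // Weak form: whoever controls the owner key can move any token the
    // contract holds, including user stakes and rewards.
    function rescueTokensUnrestricted(IERC20 token, address to, uint256 amount) external onlyOwner {
        require(token.transfer(to, amount), "transfer failed");
    }

    // Restricted form: reward tokens are never rescuable, and staking tokens
    // only up to the surplus above what is owed to stakers.
    function rescueTokens(IERC20 token, address to, uint256 amount) external onlyOwner {
        require(address(token) != address(rewardToken), "reward token protected");
        if (address(token) == address(stakingToken)) {
            uint256 surplus = token.balanceOf(address(this)) - totalStaked;
            require(amount <= surplus, "would touch staked funds");
        }
        require(token.transfer(to, amount), "transfer failed");
    }
}
```

With the restricted form, a compromised owner key can still take mistakenly sent tokens but cannot withdraw user stakes or rewards through the rescue path.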