Ownership was transferred maliciously

Hello everyone,

I'm an intermediate-level hobby Web3 developer reaching out for a little bit of help in regards to security, which is something that I am trying to learn more about. Recently, a project that I have newly joined to help contribute to, had the ownership of their contract hacked, and switched. I am seeking a little bit of guidance about the malicious ownership transfer, and trying to determine if the contract ownership implementation is secure or if the vulnerability came from outside the contract. I understand this isn't a full audit but I just want to seek some help if there is a flaw in their contract that allowed this to happen, so that I may help them fix the issue.

The contract's github:
contracts/TaurosDAO.sol at main ยท Labyrinthine-Unreal/contracts (github.com)

TaurosDAO | Address 0x94b610adb09eadde3774e93d490861fa4de23f6a | Etherscan

I greatly appreciated any help with pointing me in the direction of the vulnerability, which I don't see or am missing, and if one doesn't exist then at least we know that something else led to the transfer of ownership.


hey @xponent I gave a fast look and seems all fine with Ownable.sol
Which is the issue?

I looked into contract. There is nothing wrong with the contract. It is derived from ownable and no one can transfer the ownership other than owner. Also as you see from the transaction, it has come from the owner.

So if the owner is not malicious, his private key might be compromised.
Interestingly the previous owner, still owns 24 NFTs which are 8.5% of total. So it doesn't look like his account is compromised. Is this a rug pull?

I am fairly new to the project and was not the owner's account. Although I don't believe it to be a rug pull, I'll update the others and I very much appreciate your response @Mohandes!

@FreezyEx I'm assuming maybe the owners account was compromised