EigenLayer completes investigation on $5.7M hack

EigenLayer has released a statement concerning the isolated incident that drained an individual wallet of close to $6 million worth of EIGEN tokens. The Ethereum stake protocol announced it had completed investigations concerning the unapproved liquidation.

EigenLayer stated that the incident did not affect the protocol’s internal infrastructure, including the EigenLayer website, internal protocols, and token smart contracts. The announcement also detailed that the incident was unrelated to any on-chain dysfunctionality.

EigenLayer concludes $6M October incident investigation

EigenLayer emphasized that the investigation focused on a comprehensive analysis of the protocol’s token transfer approval process to identify any vulnerabilities that may result in a similar incident. EigenLayer also mentioned the transfer process review aims to create solutions for improvements to minimize risks in the future.

Following our first report of this isolated incident involving multiple parties on October 4th, 2024, the investigation of this incident has been completed. The incident did not affect our website, any protocol or token smart contracts, and was not related to any onchain… https://t.co/3f0G1IyPJY

— EigenLayer (@eigenlayer) October 29, 2024

As a result of the investigations, the restaking platform announced new security and process measures. EigenLayer assured investors their funds would be locked up when they transfer their tokens to custodians. 

The announcement extended gratitude to third parties such as ZachXBT, zeroShadow, and Cryptoforensic investigators. EigenLayer took part in the investigations and the law enforcement froze a substantial amount of the stolen funds.

EigenLayer had also contracted SlowMist, a blockchain security firm, to investigate the incident. SlowMist announced that the incident was caused by an external malicious attack. According to SlowMist, one of Eigen Labs’ investors experienced a phishing attack that caused a subsequent compromise on one of the investor’s employees.

Attacker accessed email thread and authorized transactions

The attacker managed to access an email thread between the custodian, the investor, and Eigen Labs, where the parties had conversations about transferring the investor’s tokens to a custodian. The malicious attacker then created lookalike emails posing as the investor and the custodian. Using the spoofed investor email, the attacker responded to the thread and sneaked in their address rather than the custodial address.

The attacker confirmed to have received a test transaction posing as the custodian, and the rest of the transaction involving 1,673,645 EIGEN tokens was executed without further confirmation.

“The attacker sold these stolen EIGEN tokens via a decentralized swap platform and transferred stablecoins to centralized exchanges.”

EigenLayer

The attacker then swapped the EIGEN tokens to stablecoins through a decentralized swap platform and transferred the tokens to centralized exchanges. The security team at Eigen Labs contacted law enforcement and the DeFi platform, freezing a portion of the funds.

According to CoinMarketCap, EigenLayer’s native asset, EIGEN, has dipped by over 17% in the last seven days. EIGEN is trading at a price of $2.85 with a market cap of $531.2 million. The token surged to its all-time high of $4.53 at the beginning of October, but it is currently down by 38%.