Eigen Labs recently informed its community about a large-scale phishing attack that resulted in the theft of over 1.67 million EIGEN tokens, worth millions of dollars.
The hack has raised serious concerns about security practices for handling cryptocurrency, especially given the complex nature of the attack.
According to a detailed report by blockchain security firm SlowMist, the phishing attack started when a hacker gained access to an employee email account at a company that had invested in Eigen Labs.
The hacker used this access to impersonate trusted parties in ongoing email conversations, crafting fake emails that closely mimicked real ones.
Posing as both the investor and the third-party custodian, the attacker inserted emails that appeared legitimate, allowing them to carry out their plan undetected.
The attacker’s goal was to change the token transaction address, enabling them to steal the investor’s EIGEN tokens. By placing fake approval emails into real email threads, the hacker successfully altered the address for the token transfer to their own.
Since the emails seemed to come from trusted sources, the change went through without any extra verification. This allowed the attacker to take control of over 1.67 million EIGEN tokens, valued at approximately $6 million. After obtaining the tokens, the attacker quickly converted them.
“The attacker sold these stolen EIGEN tokens via a decentralised swap platform and transferred stablecoins to centralised exchanges”, stated Eigen Labs in a press release.
This step helped the attacker make the tokens more difficult to trace and cash them out for fiat currency.
Response and security improvements
Following the attack, EigenLayer, the Ethereum staking protocol responsible for managing EIGEN tokens, issued a statement confirming that the incident was isolated to a single investor and did not affect EigenLayer’s internal systems.
According to EigenLayer, their core infrastructure, website, and token smart contracts were not compromised in the attack, and no issues with on-chain functionality were identified.
The phishing attack was limited to a single wallet associated with one of Eigen Labs’ investors.
EigenLayer has since taken steps to improve its security protocols and reduce the chances of similar attacks in the future. In their statement, EigenLayer mentioned that they have closely examined their token transfer approval process to pinpoint any weaknesses that might make such an attack possible.
This review has led them to consider improvements in security measures for handling large token transfers.
To increase security, EigenLayer is introducing new measures to ensure investor funds are securely locked when tokens are transferred to custodians. This is intended to add another layer of protection for investors by making it harder for malicious actors to exploit any security gaps.
EigenLayer’s team expressed appreciation to partners and independent security researchers, including ZachXBT and zeroShadow, for their assistance in the investigation.
Law enforcement agencies were also involved and were able to freeze a substantial portion of the stolen funds, reducing the losses from the attack.
Since the attack, EIGEN’s market value has taken a hit, dropping by over 17% in the past week. According to CoinMarketCap, the EIGEN token is currently priced at $2.85, significantly lower than its early October high of $4.53.
With a market cap now at $531.2 million, the token’s recent performance reflects the impact of this attack on investor confidence and market sentiment.
