Blockchain security platform SlowMist has found that the Eigen Labs theft of 1.67 million EIGEN originated from an external malicious attack.
SlowMist posted on X that it was commissioned as an independent third-party investigator of the Eigen Labs theft. During the probe, the crypto investigator concluded, “the incident started from an external malicious attack: one of Eigen Labs’ investors was the victim of a phishing attack that resulted in one of the Investor’s employee’s email accounts being compromised.”
SlowMist was engaged to act as an independent third-party to investigate the recent incident that resulted in the theft of $EIGEN tokens.🕵️
Following a thorough investigation, SlowMist concluded that the incident started from an external malicious attack: one of Eigen Labs’…
— SlowMist (@SlowMist_Team) October 29, 2024
This enabled the attacker to access the email thread between the investor, Eigen Labs, and the custodian, where the two parties conversed about the transfer of EIGEN to the custodian, who would hold the token on behalf of the investor.
The private email thread was then forwarded from the investor’s email to the attacker. The hacker created and used slightly modified email addresses for the investor and the custodian, then impersonated the investor and responded to a legitimate email ID, so that the response appeared in the same legitimate email thread. That response contained the attacker’s wallet address rather than the expected custodian wallet address.
According to SlowMist, the attacker used a slightly modified investor email address in the same email thread to confirm receipt of the test transaction. Likewise, the hacker separately confirmed receipt of the test transactions via a forged custodian email address. All these conversations and actions appeared in the same thread as the initial legitimate thread.
After receiving confirmations from what appeared to be the investor and the custodian, and with no further communication channels to confirm, the remaining approximately 1.67 million EIGEN were sent to the attacker’s wallet.
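The slightly modified sender addresses described above are the kind of signal a mail-side check can surface before a transfer is approved. The following is an added example, not code from SlowMist or Eigen Labs: it parses a thread and flags any sender that is not a known participant but sits within a couple of character edits of one. All addresses, message IDs and the threshold are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Addresses agreed out of band for this transfer (constructed placeholders).
KNOWN = {"ops@investor.example", "settlement@custodian.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_senders(raw_messages, known=KNOWN, max_distance=2):
    """Return (message_id, sender, imitated_address) for senders that are
    not a known participant but sit within max_distance edits of one."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if not sender or sender in known:
            continue
        for good in sorted(known):
            if edit_distance(sender, good) <= max_distance:
                findings.append((msg.get("Message-ID"), sender, good))
                break
    return findings

# Constructed thread: messages 3 and 4 reply into the real thread from
# addresses that are one character off the legitimate ones.
THREAD = [
    "From: Ops <ops@investor.example>\nMessage-ID: <1@investor.example>\n\nPlease send the test transfer.",
    "From: Settlement <settlement@custodian.example>\nMessage-ID: <2@custodian.example>\nIn-Reply-To: <1@investor.example>\n\nAddress attached.",
    "From: Ops <ops@lnvestor.example>\nMessage-ID: <3@lnvestor.example>\nIn-Reply-To: <2@custodian.example>\n\nUse this wallet instead.",
    "From: Settlement <settlement@custodlan.example>\nMessage-ID: <4@custodlan.example>\nIn-Reply-To: <3@lnvestor.example>\n\nTest transaction received.",
]

if __name__ == "__main__":
    for mid, sender, good in lookalike_senders(THREAD):
        print(f"{mid}: {sender} imitates {good}")
```

A hit on a thread that carries payment or wallet details is a reason to confirm the destination over a separate, previously established channel before any funds move.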
EigenLayer reiterated that the incident did not affect the official website, any protocol or token smart contracts, and was not related to any on-chain functionality. Its internal investigation includes a thorough probe of the token transfer approval process to assess any process errors that led to this incident. This will determine what improvements are needed to minimize future risks.