Hacks

1.67 Million EIGENS Theft Attributed to External Malicious Attacks: SlowMist

Written By

Ritu Lavania

October 29, 2024

SlowMist 1.67 Million EIGENS Theft Due To External Attacks

Blockchain security platform SlowMist has discovered that Eigen Labs theft of 1.67 million EIGEN originated from an external malicious attack.

SlowMist posted on X saying that it was commissioned as an independent third-party investor of Eigen Labs theft. During the probe, the crypto investigator deduced, “the incident started from an external malicious attack: one of Eigen Labs’ investors was the victim of a phishing attack that resulted in one of the Investor’s employee’s email accounts being compromised.”

SlowMist was engaged to act as an independent third-party to investigate the recent incident that resulted in the theft of $EIGEN tokens.🕵️

Following a thorough investigation, SlowMist concluded that the incident started from an external malicious attack: one of Eigen Labs’…

— SlowMist (@SlowMist_Team) October 29, 2024

This enabled the attacker to access the email thread between the investor, Eigen Labs, and the custodian, where the two parties conversed about the transfer of EIGEN to the custodian, who would hold the token on behalf of the investor.

The private email thread was then forwarded from the investor’s email to the attacker. The hacker created and used slightly modified email addresses for the investor and the custodian, then impersonated the investor and responded to a legitimate email ID, causing the response to appear in the same legitimate email thread, containing the attacker’s wallet address, rather than the expected custodian wallet address.

According to SlowMist, the attacker used a slightly modified investor email address in the same email thread to confirm receipt of the test transaction. Likewise, the hacker separately confirmed receipt of the test transactions via a forged custodian email address. All these conversations and actions appeared in the same thread as the initial legitimate thread.

After receiving confirmations from what appeared to be investors and custodians, and with no further communication channels to confirm, the remaining approximately 1.67 million EIGEN were sent to the attacker’s wallet.

EigenLayer reiterated that the incident did not affect the official website, any protocol or token smart contracts, and was not related to any on-chain functionality. Its internal investigation includes a thorough probe of the token transfer approval process to assess any process errors that led to this incident. This will determine what improvements are needed to minimize future risks.

Also Read: Eigen Foundation announces the unlocking of the EIGEN token

Disclaimer: This article is intended solely for informational purposes and does not represent financial, investment, legal, tax, or other professional advice. The opinions and views expressed are those of the author(s) and do not necessarily represent the position of cryptonewsz.com. Cryptocurrency investments and trading entail high risks, including possible loss of some or all of your investment, and prices may be influenced by external events like financial, regulatory, or political events. Past performance cannot be used to determine future results. Readers are strongly advised to do their own research and consult with an expert financial advisor prior to making any investment. cryptonewsz.com takes no responsibility for loss or damages sustained as a direct result of material contained in, or information, published through, this website. Explore our Terms and Conditions and Privacy Policy for more information.
See less

Written by Ritu Lavania

Ritu Lavania is a versatile Web3 content creator with over three years of experience in the crypto space. She is part of the team at CryptoNewsZ, where she writes insightful and engaging content. She has also contributed to TheCryptoTimes and The Coin Edition, where her work has been well received by the crypto community. Skilled in research, creative writing, SEO, and cross-functional collaboration, she creates content tailored to diverse audiences. Passionate about education, she dedicates time to teaching kids and expressing herself through poetry. Always eager to learn, she continuously explores new trends in blockchain and digital assets. She believes in the power of storytelling to make complex crypto topics more accessible and engaging for readers worldwide.

« DTX Exchange Rises as DOGE & PEPE Wallets Profit

AI Recommends Buying Bitcoin: India, Are You Listening? »