The EigenLayer team is still dealing with the “unauthorized selling activity” fallout related to the wallet that dropped its EIGEN token to $5.5 million (or 1,673,645) late last week.
“In an isolated incident this morning, an email thread involving an investor transferring tokens to a jailbreak was compromised by a malicious attacker,” the EigenLayer (EIGEN) team announced on Twitter on October 4. The group said it was tricked by email into transferring the tokens to the attacker's wallet after sending a test transaction of 1 EIGEN a day earlier.
The EigenLayer team did not immediately respond to a request for comment from Decrypt.
“The attacker sold these stolen EIGEN tokens on a decentralized swap platform and transferred the stablecoin to a centralized exchange,” the team explained.
Blockchain data shows that the wallet made the sale using MetaMask's “Swap” feature. While the tokens were worth around $5.5 million at the time, it appears that the attacker made less than the $3.1 million USDC available for sale.
EigenLayer, the team behind the Ethereum staking protocol, said it is cooperating with law enforcement and that a portion of the stolen funds have already been blocked. The group explained to the community that the incident does not affect the wider ecosystem and does not cause any vulnerability in the protocol or token contracts.
However, some members of the crypto community expressed skepticism about the team's explanation, questioning why tokens were sent directly to investors without a vesting contract—especially when they had to be during a lock-up period.
“We believe Web3 will eliminate human error with modern contracts, but many projects still rely on manual handling of token vetting. We need to stop this ASAP,” commented Andreas Pensold, CEO of Pindora's decentralized physical infrastructure (DePin).
“The EigenLayer incident is a prime example of social engineering,” he said.
CEO of crypto cybersecurity firm Blockade Ido Ben Nathan told Decrypt that the attack shows that it is still important to verify every link on the chain. “We see attackers frequently exploiting loopholes that should be regular verification measures, not technical flaws,” he said, thus highlighting the importance of the process.
“Simple address verification could have caught the difference earlier and prevented the attack,” he said. “Anti-phishing training and laws prove to be the best way to reduce the impact of phishing attacks,” Artem Irgebaev, a smart contract developer at crypto cybersecurity firm Immunefi, said in an email to Decrypt.
EIGEN's price fell to a low of $3.08 over the weekend but has rebounded in the past 24 hours, trading at $3.33 at press time. The report follows reports in late September that Eigenlayer is set to open for business on September 30, five months after its tokens were released to users.
Edited by Stacy Elliott.
Daily Debrief Newspaper
Start every day with top news stories, plus original features, podcasts, videos and more.
