Eigenlayer provides developers with access to the Ethereum staked capital base and decentralised validator set. Recently, the platform faced a significant security breach, resulting in the theft of approximately 1.67 million EIGEN tokens, worth around $6 million. The breach was primarily caused by a phishing attack that compromised an email thread between an investor and the Eigenlayer team.
Behind the Breach
The hack occurred when a malicious actor gained access to a private email thread, leading to an unauthorised transfer of tokens. The attack exploited the lack of a robust verification process for token transactions, which allowed the attacker to have the transfer sent to their own wallet without raising alarms. Eigenlayer mistakenly sent tokens to the attacker’s wallet after a test transaction, indicating a failure in its security protocols. The stolen tokens were quickly sold on decentralised exchanges, with the proceeds converted to stablecoins and moved to centralised exchanges.
Lessons from the Incident
This incident underscores the critical importance of securing communication channels and implementing stricter verification processes for transactions. The primary takeaway is the need for robust controls around email communications and token transfers.
Rivanorth is a Web3 cybersecurity company specialising in smart contract audits and 360-degree security services for Web3.