Eigenlayer Official X Account Reallocation Phishing
EigenLayer is a restaking platform that offers Ethereum holders the ability to earn additional staking rewards on their already staked Ethereum. On October 18th, 2024, their X account announced that a new round of token allocation would happen, in line with their "programmatic incentives" program. In reality, the account had been taken over by hackers, and anyone who approved the malicious smart contract would have their wallet drained. It has been reported that over $1m was lost, including one user who lost $804k.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28]
About Eigenlayer
"EigenLayer is a protocol built on Ethereum that introduces restaking, a new primitive in cryptoeconomic security. This primitive enables the reuse of ETH on the consensus layer. Users that stake ETH natively or with a liquid staking token (LST) can opt-in to EigenLayer smart contracts to restake their ETH or LST and extend cryptoeconomic security to additional applications on the network to earn additional rewards."
"We're happy to announce that eligible participants for Season 2 have been reallocated EIGEN tokens! Now that we are transitioning into Programmatic incentives, the remaining EIGEN supply for Season 2 has been redistributed. Get started."
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
Date | Event | Description |
---|---|---|
October 18th, 2024 3:40:00 AM MDT | X Account Breach Occurs | According to a later tweet by Eigen Labs, their X account was breached "at roughly 5:40am ET". |
October 18th, 2024 4:18:00 AM MDT | GODofETH Tweet Warning | X user GODofETH posts a tweet warning about the hacked account. |
October 18th, 2024 4:42:00 AM MDT | CyversAlerts Tweet Loss | CyversAlerts reports $804k lost when one user signs the malicious phishing contract linked from the compromised EigenLayer account. |
October 18th, 2024 2:34:00 PM MDT | TknWire Loss Estimate Report | TknWire reports that $800k has been lost as part of the phishing scam. |
October 18th, 2024 5:54:00 PM MDT | TknWire Loss Estimate Report | TknWire reports that $1m has been lost as part of the phishing scam. |
October 18th, 2024 7:15:00 PM MDT | Eigen Labs Posts Tweet | Eigen Labs posts a tweet stating that the account breach happened "at roughly 5:40am ET". They had apparently responded within 20 minutes. The @eigenlayer account is locked and they are recovering full access. The @eigen_labs account will be used for updates in the meantime. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $1,000,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
"ALERT Our system has just detected that someone lost around 804K worth of $mETH signing a malicious phishing contract!
Victim 0x84b....42E43 has approved malicious contract around 14 min ago! We advise to revoke all your approvals for phisher contract! Funds are currently sitting at phisher's address!"
"The official X account of Eigenlayer, the Ethereum re-staking protocol, is suspected to have been hacked. The hacker has posted a fake phishing link; please do not interact with it."
"This morning, at roughly 5:40am ET, the @eigenlayer twitter account was compromised, malicious tweets were posted containing phishing links, and we were locked out of the account.
Within 20 minutes, we were actively investigating and containing the situation with the help of security consultants @_SEAL_Org & @BrainchainLLC. By 11:00am ET, X Support locked down the account. We are now in the process of recovering full access.
After an in-depth investigation of our internal tools, devices, and activity logs, we have found no evidence of suspicious activity or breach across any of our systems or users. The robust security measures on our X account—including passkey 2FA, delegated access controls, and additional layers of protection—also show no evidence of being compromised.
Security and the trust of our community are our top priorities, and we are continuing to investigate all potential root causes of this incident, including X potentially being directly compromised via social engineering/phishing. In addition, we are exploring all options for pursuing the attacker, including working with onchain forensics teams and law enforcement.
Once we regain access to @eigenlayer, we will alert the community with an update. In the meantime, all EigenLayer official communications will come from this account @eigen_labs."
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ EigenLayer official X account suspected stolen, users should be aware of the risk - News Flash - Odaily (Accessed Nov 11, 2024)
- ↑ @mikadontlouz Twitter (Accessed Nov 11, 2024)
- ↑ @aura3_io Twitter (Accessed Nov 11, 2024)
- ↑ @mdtrade Twitter (Accessed Nov 11, 2024)
- ↑ @noahmetaX Twitter (Accessed Nov 11, 2024)
- ↑ @CryptoJoseJM Twitter (Accessed Nov 11, 2024)
- ↑ @Takuri333 Twitter (Accessed Nov 11, 2024)
- ↑ @Market_Feeling Twitter (Accessed Nov 11, 2024)
- ↑ @Bradicoin10 Twitter (Accessed Nov 11, 2024)
- ↑ @CryptoGenius419 Twitter (Accessed Nov 11, 2024)
- ↑ @LuckyTraderHQ Twitter (Accessed Nov 11, 2024)
- ↑ @CryptosToWatch Twitter (Accessed Nov 11, 2024)
- ↑ @BeCrusaders Twitter (Accessed Nov 11, 2024)
- ↑ @RssBit Twitter (Accessed Nov 11, 2024)
- ↑ @DerekJoe56555 Twitter (Accessed Nov 11, 2024)
- ↑ @AltcoinWave Twitter (Accessed Nov 11, 2024)
- ↑ @BitBoxNews Twitter (Accessed Nov 11, 2024)
- ↑ @crypto__mak Twitter (Accessed Nov 11, 2024)
- ↑ @CryptoDenLive Twitter (Accessed Nov 11, 2024)
- ↑ @ByteAINewsBot Twitter (Accessed Nov 11, 2024)
- ↑ @btc_pulse_ Twitter (Accessed Nov 11, 2024)
- ↑ @pnxgrp Twitter (Accessed Nov 11, 2024)
- ↑ @cryptonews Twitter (Accessed Nov 11, 2024)
- ↑ @GODofETH Twitter (Accessed Nov 11, 2024)
- ↑ @Penkendraa Twitter (Accessed Nov 11, 2024)
- ↑ @TknWire Twitter (Accessed Nov 11, 2024)
- ↑ @FigoETH Twitter (Accessed Nov 11, 2024)
- ↑ @PRO_BLOCKCHAIN Twitter (Accessed Nov 11, 2024)