The Crypto Desk

Victim Loses $800K in Airdrop Scam Following EigenLayer X Account Hack

EigenLayer Account Compromise

On October 18, 2024, EigenLayer’s X account, which is the second-largest protocol on Ethereum, fell victim to a hacking incident. The attackers used the account to promote an airdrop scam, resulting in one victim losing over $800,000 in cryptocurrency. EigenLayer Labs issued a public warning regarding the compromise of the “@EigenLayer” account, advising users to refrain from clicking any suspicious links and to verify web addresses carefully.

Warning from EigenLayer Labs

In a dedicated post on X, EigenLayer Labs addressed the situation, stating, “The @eigenlayer handle has been compromised. Please do not engage with any suspicious links and actively double-check and verify you are engaging with ‘https://t.co/tg4hzOLtP5’. An update will be provided once secured.” This disclaimer serves as a crucial reminder for the community to ensure they are correctly identifying official communications.

Investigation and Airdrop Scam Details

Pseudonymous on-chain investigator ZachXBT was one of the first to alert users about the fraudulent links associated with the compromised account. He posted warnings on Telegram to advise users against interacting with any suspicious links. According to security analyst Scam Sniffer, the scam managed to deceive at least one individual out of over $800,000 in cryptocurrencies.

Despite efforts to mitigate the damage, the hacker continued to use the compromised account to disseminate malicious links, misleading users with fake “reminders” and “final calls” related to a supposed airdrop of EIGEN tokens. It’s important to note that the claim period for the Season 2 airdrop had already ended the previous month, raising red flags about the ongoing communication.

Fraudulent Links and Their Identifiers

The attacker’s posts have been crafted to closely resemble EigenLayer’s usual communications, even embedding themselves within threads that reference fake blog entries. ZachXBT made a critical observation, highlighting that while EigenLayer’s official blog is located at “blog.eigenlayer.xyz,” the fraudulent links redirect users to “blog.eigenfoundation.org.”

Victims tempted by these deceptive postings are directed to a scam site that prompts them to connect their wallets to claim their airdrop. This strategy is a known tactic among scammers, often resulting in wallet draining, where users unknowingly provide access to their accounts, leading to the theft of their cryptocurrencies.

EigenLayer’s Advice and Community Awareness

In response to the ongoing threat, EigenLayer has urged its users to exercise caution and double-check any web addresses provided in communications. The team has committed to keeping the community informed with updates as they work to secure the compromised account.

Patterns of Targeted Attacks on EigenLayer

This hacking incident is not an isolated event; it marks a worrying trend as EigenLayer appears to be increasingly targeted by scammers. Incidentally, this is the second compromise the platform has experienced in a matter of weeks. Earlier in October, EigenLayer revealed that a wallet address had engaged in unapproved selling activity involving approximately 1.6 million $EIGEN tokens, valued around $5.7 million.

The subsequent day, EigenLayer issued a community update explaining that this activity was linked to a hack where an email thread concerning an investor’s token transfer was compromised. Although tokens were stolen, the EigenLayer team reassured their community that this incident was isolated and not a reflection of any vulnerabilities within their on-chain functionality or token contracts.

Importance of Vigilance in Cryptocurrency

This incident emphasizes the need for continuous vigilance in the cryptocurrency community. Hacking verified social media accounts to mislead users into visiting fraudulent sites is a common methodology employed by scammers. As the landscape of cryptocurrency evolves, so do the tactics used by malicious actors, making it paramount for users to stay informed and cautious.

Visited 1 times, 1 visit(s) today