According to Foresight News, SlowMist has released a report as an independent third-party investigator into the October 4 incident involving the theft of EIGEN tokens. The investigation concluded that the incident was caused by an external malicious attack. An investor of Eigen Labs fell victim to a phishing attack, leading to the compromise of an employee's email account. This allowed the attacker to access email threads between the investor, Eigen Labs, and the custodian, discussing the transfer of EIGEN tokens to the custodian on behalf of the investor. The email thread was forwarded from the investor's email to the attacker.
The attacker created and used deceptive email addresses that closely resembled those of the investor and the custodian. By impersonating the investor, the attacker replied to the legitimate email thread, inserting their wallet address instead of the expected custodian wallet address. The attacker then used the deceptive investor email address to confirm receipt of a test transaction within the same email thread. Similarly, the attacker confirmed receipt of the test transaction using a deceptive custodian email address. After receiving confirmations from what appeared to be the investor and custodian, but were actually fraudulent email addresses, approximately 1.67 million EIGEN tokens were sent to the attacker's wallet without further verification through other communication channels.
In response to the incident, EigenLayer has implemented new security and procedural measures and will continue to strengthen its systems and defenses. EigenLayer reiterated that once investors transfer tokens to the custodian, each custodian will lock all investor tokens as per standard practice.
