At around 11 o'clock last night , the on-chain analysis agency Lookonchain detected an abnormal transaction. After a certain address (0xA7A1c66168cC0b5fC78721157F513c89697Df10D) received about 1.67 million EIGEN from Eigenlayer's team address, it sold it completely at a price of 3.3 US dollars, cashing out about 5.51 million. Dollar.
After the transaction was exposed, doubts arose in the community - EIGEN had just lifted the transfer restrictions a few days ago, and the team was blatantly destroying the market like this?
At around 5:30 this morning, EigenLayer gave an official response to community questions.
An isolated incident occurred this morning. An investor's email regarding transferring tokens to a custody address was hijacked by a malicious attacker. The hacker replaced the specific address in the email. As a result, 1,673,645 EIGEN were mistakenly transferred to the attacker. address. The attackers have sold these stolen EIGEN through decentralized exchanges and moved the stablecoins to centralized exchanges. We are liaising with these platforms and law enforcement. Some funds have been frozen.
This disruption did not affect the Eigenlayer system. There are no known vulnerabilities in the protocol or token contracts. This incident has nothing to do with any on-chain functions of EigenLayer.
We are still investigating this situation and will continue to disclose further information as it becomes available.
The attack itself is not complicated. Yu Xian, a well-known security expert and founder of SlowMist, gave a very detailed analysis on Personal X.
Regarding the attack itself, the attacker may have been premeditated for a long time. The attacker's address first received 1 EIGEN, and almost 26 hours later received 1673644 EIGEN, both from the 3/5 multi-signature address (0x87787389BB2Eb2EC8Fe4aA6a2e33D671d925A60f). Then, more than an hour later, various coin launderings began. Gas comes from ChangeNow, and the illegally obtained EIGEN is mainly converted into USDC/USDT and washed mainly through platforms such as HitBTC.
According to the official statement, the reason why the attacker succeeded was "the email was compromised." It is estimated that in the email content, the wallet address expected to receive EIGEN that should be sent was replaced with the attacker's address, causing the project team to enter EIGEN into the attacker's address. Even if 1 EIGEN is sent first, the attacker may also hit 1 EIGEN to the expected receiving address after receiving 1 EIGEN, causing the intended recipient to think that the entire process is correct... Of course, this is just a guess, and the details are subject to official disclosures.
However, this "ordinary" security incident exposed another, more serious problem - why can EigenLayer investors receive EIGEN tokens now? And why can the receiving address (whether it is an investor or a hacker) sell directly without restriction after receiving EIGEN?
In the token economic model previously disclosed by EigenLayer, the "one-year lock-up limit" was clearly emphasized in black and white regarding the shares of early contributors and investors.
After the transfer restrictions on the EIGEN contract are removed, the tokens of early contributors, investors, and Eigen Foundation service providers will be locked for one year. After one year, 4% of each recipient’s EIGEN will be unlocked, and an additional 4% will be unlocked every month thereafter.
As a "king-level" project with a financing scale of over 100 million, TVL ranks at the top of the entire ecosystem, and top exchanges are vying to launch it... It is difficult to imagine that EigenLayer has neither chosen to use the currently mature token distribution protocol nor its own Instead of deploying the token to unlock the contract, it is quite "brainless" to transfer the token to the investor's address immediately after the transfer restriction is lifted...
Judging from the hacker's selling behavior, these addresses are not subject to any hard operating restrictions after receiving the tokens. In other words, EigenLayer seems to be counting on VCs to "ethically lock up"...
What's even more outrageous is that EigenLayer seems to have received an email from an "investor" (actually a hacker) about changing the address, but instead of cross-confirming it by phone or other means, EigenLayer directly released the money to create coins. This led to Hackers managed to steal millions of dollars…
All in all, this whole incident is full of flaws. As long as EigenLayer has implemented normal token unlocking regulations, and as long as the operational quality of the EigenLayer team is even slightly qualified, this hacking incident will not be possible, and EigenLayer will not be The community denounced them verbally and writtenly as the "Grass Team".
From a technical perspective, EigenLayer's innovative "re-pledge" narrative expansion package breaks the boundaries of node verification services, using AVS to extend the node verification service package that was originally only used for network consensus maintenance to oracles, sequencers, and cross-chain bridges. Waiting for more detailed scenes. This has long-term significance for the Ethereum ecosystem and even the entire cryptocurrency market.
But technology belongs to technology, and operations belong to operations. From the past "team members asked for airdrops from ecological projects" controversy to today's "unlocking controversy", these outrageous operations of EigenLayer are gradually overdrafting the trust of the community. For any project, no matter how large it is, this is an extremely dangerous sign.