EigenLayer Faces Security Scrutiny After Hacker Steals 1.67 Million Tokens Through Email Scam

• EigenLayer faces scrutiny after a hacker bypasses security, leading to the unauthorized sale of $5.5 million in tokens.
• The breach highlights internal control issues at EigenLayer, raising concerns about compliance with token lockup policies.
• Hacker exploits email vulnerability, hijacking a wallet address and laundering 1.67 million EIGEN tokens through exchanges.

EigenLayer has launched an investigation after the unauthorized sale of 1.67 million EIGEN tokens, valued at $5.5 million. The sale, conducted via MetaMask, violated the company’s strict token lockup policies for employees and early investors, sparking concerns over security and compliance.

Blockchain analytics firm Lookonchain discovered that the tokens were transferred from an EigenLayer team wallet before being sold. Arkham Intelligence identified the questionable transaction, which utilized a wallet supported by EigenLayer’s multi-signature Gnosis Safe. This event has sparked inquiries about the internal monitoring systems and security procedures of the company.

Breach of EigenLayer Lockup Policy Raises Alarms

EigenLayer enforces a strict lockup policy that restricts employees and early investors from selling or staking tokens until September 2025. According to the policy, only 4% of each recipient’s tokens will unlock monthly, with full vesting scheduled for September 2027. The tokens involved in the unauthorized sale were part of a May 2024 airdrop, making the sale a clear violation of these terms. 

This breach coincided with the platform unlocking its token on October 1, pushing EIGEN into the top 100 tokens by market capitalization. Following the release, the token’s fully diluted valuation surged to $7.2 billion, making the timing of the sale particularly concerning for investors.

Email Hijack Leads to Token Theft

EigenLayer disclosed that the unauthorized sale was part of a larger scheme involving a hacker who hacked an investor’s email. The hacker replaced the intended custodian wallet address with their own, leading to the fraudulent transfer of 1,673,645 EIGEN tokens. Blockchain security firm SlowMist revealed that the stolen tokens were laundered through platforms like HitBTC and converted into USDC and USDT. 

Read CRYPTONEWSLAND on google news

EigenLayer’s investigation into the security breach is ongoing, with efforts focused on strengthening internal controls. In addition, the company is working to reassure investors and prevent future security incidents.