According to several online reports, the official X account of the restaking protocol EigenLayer appears to have been hacked.
An October 18 post from EigenLayer’s social media account promoted a fake airdrop campaign targeting users eligible for a previous distribution.
Fake Airdrop Claims
Pseudonymous on-chain investigator ZachXBT was among the first to alert users, issuing a warning via Telegram. “EigenLayer X/Twitter account is currently compromised; do not click any links,” he cautioned.
Mudit Gupta, the Chief Information Security Officer at Polygon Labs, amplified the message on X advising users not to click on any links. He noted that there was no new airdrop. DeFiLlama also confirmed the incident through Telegram.
The first post from the hacked account claimed to promote a reallocation of EIGEN tokens for Season 2 of EigenLayer’s stakeholder airdrop and included a malicious link. This was confirmed by the crypto anti-scam platform Scam Sniffer, which shared screenshots of the now-deleted tweets on X.
Clicking the link directed users to a phishing site that was not associated with EigenLayer’s restaking protocol or any legitimate activities.
About ten minutes later, a second message encouraged users to make a claim. It was then followed by a final appeal. All three posts were removed shortly after they were published. Notably, the official Season 2 stake drop was announced in September, and the claim period had already closed.
EigenLayer’s $5.7M hack
The current account compromise is the second attack the protocol has faced since the beginning of October. On October 4, the EigenLayer team announced it was investigating “unapproved selling activity” associated with a now-flagged wallet address. It had sold approximately 1.6 million EIGEN tokens, valued at around $5.7 million.
In a community update posted on October 5, the protocol confirmed that the unapproved token-selling incident was indeed the result of a hack. The team disclosed that a bad actor had compromised an email thread involving an investor’s token transfer into custody.
They stated that the attacker sold the stolen tokens using a decentralized swap platform and moved stablecoins to centralized exchanges. Meanwhile, the protocol mentioned that they had already reached out to the platforms and authorities, adding that some of the funds had already been frozen.
Despite this breach, the EigenLayer team assured the community that the incident was isolated and did not affect its broader ecosystem. “There is no known vulnerability in the protocol or token contracts and this compromise was not related to any onchain functionality,” they added.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER 2024 at BYDFi Exchange: Up to $2,888 welcome reward, use this link to register and open a 100 USDT-M position for free!