EigenLayer X account compromised, shares malicious airdrop link

EigenLayer’s X account has been compromised after it shared a malicious airdrop link, which was deleted in minutes.
EigenLayer’s X account has been compromised after it shared a malicious airdrop link, which was deleted in minutes.

EigenLayer’s X account has been compromised, as it displayed a fake airdrop campaign.

An Oct. 18 post on Eigenlayer’s X account showed a new airdrop campaign supposedly for users eligible for the previous one.

However, the airdrop claim redirected users to a malicious link that appeared unrelated to the restaking protocol.

Malicious airdrop post. Source: EigenLayer

The post was deleted minutes after it was distributed, suggesting that the attackers may have lost access to the protocol’s account.

Pseudonymous onchain investigator ZachXBT warned users about the malicious airdrop link. The investigator wrote in an Oct. 18 Telegram post:

“Eigenlayer X/Twitter account is currently compromised do not click any links.”

Considering EigenLayer’s popularity, many users may have already visited the malicious link. EigenLayer is the second-biggest protocol on Ethereum, with more than $11.1 billion in total value locked (TVL), according to DefiLlama data.

EigenLayer TVL, all-time chart. Source: DeFiLlama


Related: Bitcoin ETFs hit $20B milestone as price remains stuck in downtrend

More malicious airdrop links

Despite the initial post being deleted within minutes, the account has continued displaying malicious links.

It shared another airdrop campaign with a link that looked almost identical to EigenLayer’s blog.

Hackers, Airdrop, Scams, Hacks, Staking, EigenLayer

EigenLayer, malicious airdrop post. Source: EigenLayer

While EigenLayer’s original blog address is “blog.eigenlayer.xyz,” the malicious link redirects users to “blog.eigenfoundation.org.”

Related: Ether price in 7-month decline amid ‘L1 wars,’ says analyst

X account compromise unrelated to the previous $5.7 million hack?

Amid its growing popularity, EigenLayer is becoming a target for scammers. The current account compromise marks the second attack since the beginning of October.

On Oct. 4, the EigenLayer team said it was investigating an “unapproved selling activity” concerning a wallet ending in “f10D.” The wallet address sold about 1.6 million of EigenLayer’s EIGEN tokens, worth about $5.7 million. 

On Oct. 5, EigenLayer posted a community update saying that the unapproved token-selling incident was caused by a hack. The EigenLayer team said a malicious attacker compromised an email thread involving an investor’s token transfer into custody. 

While the tokens were stolen through a hack, the EigenLayer team assured the community that the incident was isolated and did not affect its broader ecosystem.

The team said that the compromise was not related to any onchain functionality. EigenLayer added that there is no known vulnerability in the protocol or token contracts. 

Magazine: Fake Rabby Wallet scam linked to Dubai crypto CEO and many more victims