Blockchain security platform SlowMist recently revealed that the theft of 1.67 million EIGEN from Eigen Labs was due to an external malicious attack. SlowMist was enlisted as an independent third-party investigator following the incident. It concluded that the incident was initiated by a phishing attack that compromised the email account of an employee of one of Eigen Labs’ investors.
This cyber attack allowed the perpetrator to gain access to private email exchanges between the investor, Eigen Labs, and the custodian. These email communications pertained to the transfer of EIGEN tokens to the custodian, who was tasked with holding the tokens on behalf of the investor.
The attacker managed to intercept the private email thread and forward it from the investor’s email account to their own. The hacker then crafted slightly altered email addresses, impersonating the investor and the custodian. By replying to the legitimate email thread from these modified addresses, the attacker was able to convince the parties that the responses belonged to the legitimate email thread. The responses, however, contained the wallet address of the attacker rather than that of the expected custodian.
SlowMist further detailed that the attacker confirmed the receipt of a test transaction using the slightly modified investor email address in the same email thread. Similarly, the hacker also confirmed the receipt of test transactions through a forged custodian email address, all of which appeared in the initial legitimate email thread.
After receiving confirmations from the fraudulent investor and custodian email addresses, and with no additional communication channels for verification, the remaining 1.67 million EIGEN tokens were transferred to the attacker’s wallet.
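As an added illustration (not taken from SlowMist's report or from Eigen Labs), the following Python check flags senders in a thread whose address is a near miss of a known participant and notes whether the message carries a wallet address. The addresses, the wallet, the edit-distance threshold of 2 and the 0x wallet format are assumptions made for the example.

```python
import re
from email.utils import parseaddr

# Assumption: destination wallets are written as 0x followed by 40 hex characters.
WALLET_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted, max_dist=2):
    """Return (verdict, address, imitated trusted address or None)."""
    addr = parseaddr(from_header)[1].strip().lower()
    if addr in trusted:
        return "trusted", addr, None
    nearest = min(trusted, key=lambda t: edit_distance(addr, t), default=None)
    if nearest is not None and edit_distance(addr, nearest) <= max_dist:
        return "lookalike", addr, nearest
    return "unknown", addr, None

def audit_thread(messages, trusted):
    """Return one alert per message whose sender is not an exact trusted match."""
    trusted = {t.lower() for t in trusted}
    alerts = []
    for idx, (from_header, body) in enumerate(messages):
        verdict, addr, nearest = classify_sender(from_header, trusted)
        if verdict == "trusted":
            continue
        alerts.append({
            "index": idx, "sender": addr, "verdict": verdict,
            "imitates": nearest,
            "carries_wallet": bool(WALLET_RE.search(body)),
        })
    return alerts

# Constructed sample thread: every address and the wallet value are made up.
TRUSTED = {"ops@investor.example", "desk@custodian.example", "treasury@issuer.example"}
THREAD = [
    ("Investor Ops <ops@investor.example>", "Please send the allocation to our custodian."),
    ("Custody Desk <desk@custodlan.example>", "Deposit address: 0x" + "ab" * 20),
    ("Investor Ops <ops@lnvestor.example>", "Test transaction received, please send the rest."),
]
```

A lookalike alert on a message that also carries a wallet address is the case to hold until the destination has been confirmed over a separate channel.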
In response to the incident, Eigen Labs has stressed that the breach did not affect its official website, any protocols, or token smart contracts, and is not related to any on-chain functionality. The company is conducting an internal investigation which includes a comprehensive examination of the token transfer approval process. The objective of this investigation is to identify any procedural errors that may have contributed to the incident and to implement necessary improvements to mitigate future risks.
This incident serves as a stark reminder of the risks inherent in digital transactions and the importance of robust security measures in the rapidly evolving world of cryptocurrency. It underscores the need for vigilance and the implementation of secure communication channels to prevent such security breaches in the future.