CoinVoice recently learned that in response to the security incident in which EigenLayer disclosed that an investor’s email transferring tokens to a custodial address was hijacked by a malicious attacker, SlowMist Yuxian published an analysis on the X platform, saying: “The attacker may have planned for a long time. The attacker’s address first received 1 EIGEN, and after about 26 hours, it received 1673644 EIGEN, all from 3/5 multi-signature addresses.
Then, more than an hour later, various coin laundering operations began. Gas came from ChangeNow, and the illegally obtained EIGEN was mainly exchanged into USDC/USDT, and mainly laundered through platforms such as HitBTC.
The official reason for the attacker’s success was that the email was hacked. It is estimated that in the email content, the wallet address that was supposed to receive EIGEN was replaced with the attacker’s address, causing the project party to send EIGEN to the attacker’s address. Even if 1 EIGEN was sent first, the attacker might have sent 1 EIGEN to the expected receiving address after receiving 1 EIGEN, causing the expected recipient to think that the entire process was correct. Of course, this is just speculation, and the official disclosure shall prevail. [Original link]