A malicious airdrop scam linked to the hacked EigenLayer X account has resulted in at least one victim losing $800,000 in cryptocurrency. The attack took place on October 18, when EigenLayer, a major Ethereum protocol, reported its official X account had been compromised.

The scam revolved around a fake airdrop, luring users to click on fraudulent links with the promise of receiving EIGEN tokens. On-chain investigator ZachXBT was among the first to warn the community, urging people not to engage with any links sent from the compromised account. Despite efforts to stop the scam, hackers continued posting fake “reminders” and “final calls” for an airdrop that had already ended, convincing at least one user to link their wallet.

The scammers used a nearly identical URL to the real EigenLayer site, tricking victims into providing access to their crypto wallets. Once connected, the attackers quickly drained funds from the wallets in a classic phishing-style attack. This particular method, called an "approval phishing attack," allows the hackers to transfer crypto assets without further user consent once the approval is granted.

Hacker’s Campaign and Response

The hacking group behind the attack has used sophisticated techniques, including mimicking legitimate blog posts and interfaces to make the scam look credible. Although the EigenLayer team is actively removing malicious posts and addressing the hack, the fraudulent campaign is still ongoing.

This attack marks the second time in October that EigenLayer has been targeted. Earlier this month, an unrelated hack led to the sale of 1.6 million EIGEN tokens, valued at approximately $5.7 million. While the team has assured the public that the incident was isolated and not due to protocol vulnerabilities, the series of attacks has raised concerns about the platform’s security.

Crypto scams are prevalent in the industry, and as social media accounts of legitimate projects are compromised, users must remain vigilant and verify URLs before interacting with any links.

Conclusion

The incident highlights the dangers of phishing attacks and the importance of being cautious when connecting wallets or interacting with crypto-related campaigns. EigenLayer continues to work on securing its account and has urged users to stay alert and double-check all interactions.