Eigenlayer’s X account has been compromised, prompting a warning from blockchain security firm PeckShieldAlert. Users are urged to avoid clicking on phishing links from the account.
The phishing attempt employs sophisticated tactics. The fraudulent link is obscured because X displays a preview image of the legitimate Eigenlayer website, including the official blog page URL.
The attacker has added an anti-scam image to the tweet thread, positioning it as the final post in a series, which adds credibility to the deceptive message. Users may not detect the malicious link unless they interact with the main tweet to expand it fully, as the visible preview appears legitimate. Several versions of the scam link have appeared on the account over the past hour, with the hacker seemingly rotating URLs to avoid exposure through retweets.
This incident emphasizes the threat of X account takeovers in the crypto space, where official checkmarks are given to paid users and operational security practices are more lax than on decentralized social media such as Lens Protocol.
Phishing scams involving compromised accounts and fake airdrops have become prevalent, exploiting users’ trust in official channels. Such attacks are effective because they leverage familiar platforms and trusted sources to disseminate malicious content.
Per Chainalysis, approval phishing, where victims are tricked into signing malicious transactions, has resulted in billions in losses since 2021. Social media platforms like X and Telegram are hotspots for these scams, with research indicating that comments under official crypto project posts increasingly contain phishing links.
In the first half of 2024, PeckShieldAlert reported over 200 major hacks in the crypto space, leading to approximately $1.56 billion in losses, of which only $319 million was recovered. The growing frequency of such incidents emphasizes the need for enhanced security measures and increased user vigilance.
Users are advised to verify information through multiple channels and exercise caution when interacting with links, even if they appear to originate from official accounts. The use of misleading previews and added images to simulate legitimacy demonstrates the strategies attackers employ in the crypto ecosystem.
The situation with Eigenlayer’s compromised account is ongoing as of press time. Users should stay informed through trusted sources and avoid engaging with suspicious content.
UPDATE: More recent versions of the scam appear to use edited tweets that remove the explicit scam URL from the body of the post while retaining the preview image. This method makes it impossible to identify the scam link without clicking on it. Hovering over the link preview shows only a shortened t.co link from X, which stops users from knowing the final destination.
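One way for a defender to see where a shortened link ends up without opening it in a browser is to follow the redirect chain with HEAD requests and compare the final host against the domain shown on the preview card. The sketch below is an added example, not code from Eigenlayer, PeckShieldAlert or X. It assumes the shortener answers HEAD with an HTTP 3xx redirect (JavaScript or meta-refresh hops are not followed), and every URL and domain in it is a constructed placeholder.

```python
import http.client
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10

def head_location(url):
    """One HEAD request; return the Location header on a 3xx, else None. No body is fetched."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=5)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def resolve_chain(url, fetch=head_location):
    """Follow redirects hop by hop; `fetch` is injectable so the logic can be tested offline."""
    chain = [url]
    while len(chain) <= MAX_HOPS:
        nxt = fetch(chain[-1])
        if not nxt:
            return chain
        nxt = urljoin(chain[-1], nxt)  # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop")
        chain.append(nxt)
    raise ValueError("too many redirects")

def host_matches(host, expected):
    """True only for the expected domain or a real subdomain of it (label-boundary match)."""
    host = (host or "").lower().rstrip(".")
    expected = expected.lower()
    return host == expected or host.endswith("." + expected)

def check_preview(short_url, displayed_domain, fetch=head_location):
    """Compare the domain shown on the preview card with the host the link resolves to."""
    chain = resolve_chain(short_url, fetch)
    final_host = urlsplit(chain[-1]).hostname
    return {"chain": chain, "final_host": final_host,
            "mismatch": not host_matches(final_host, displayed_domain)}

# Constructed redirect table standing in for live responses (all values are placeholders).
CONSTRUCTED_REDIRECTS = {
    "https://t.co/EXAMPLE1": "https://project.example.claims-portal.example/airdrop",
    "https://t.co/EXAMPLE2": "https://blog.project.example/post",
}

if __name__ == "__main__":
    for short in CONSTRUCTED_REDIRECTS:
        print(check_preview(short, "project.example", CONSTRUCTED_REDIRECTS.get))
```

The first constructed link embeds the displayed domain as a prefix of a different host, which is why the comparison is done on label boundaries and not with a substring check.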