Eigenlayer’s X account was compromised, triggering a warning from blockchain security firm PeckShieldAlert. Users are advised to avoid clicking on phishing links posted from the account.
The phishing attempt uses sophisticated tactics. The fraudulent link is hidden because X displays a preview image of the legitimate Eigenlayer website, including the URL of the official blog page.
The attacker added an anti-scam image to the tweet thread, positioning it as the last message in a series, which adds credibility to the deceptive message. Users may not detect the malicious link unless they interact with the main tweet to fully expand it, as the visible preview appears legitimate. Multiple versions of the fraudulent link have appeared on the account over the past hour, with the hacker appearing to rotate URLs to avoid exposure via retweets.
This incident highlights the threat of X account hacks in the crypto space, where official checkmarks are given to paying users and operational security practices are more lax than on decentralized social media outlets such as Lens Protocol.
Phishing scams involving compromised accounts and fake airdrops have become commonplace, exploiting user trust in official channels. Such attacks are effective because they leverage familiar platforms and trusted sources to deliver malicious content.
According to Chainalysis, approval phishing, where victims are tricked into signing malicious transactions, has resulted in billions in losses since 2021. Social media platforms like X and Telegram are hotspots for these scams, with research indicating that comments under crypto projects’ official posts increasingly contain phishing links.
During the first half of 2024, PeckShieldAlert reported over 200 major hacks in the crypto space, resulting in approximately $1.56 billion in losses, of which only $319 million was recovered. The increasing frequency of such incidents highlights the need for enhanced security measures and increased user vigilance.
Users are advised to verify information through multiple channels and exercise caution when interacting with links, even if they appear to come from official accounts. The use of deceptive previews and appended images to feign legitimacy demonstrates the strategies employed by attackers in the crypto ecosystem.
The situation regarding Eigenlayer’s compromised account is still ongoing at the time of publication. Users should stay informed through trusted sources and avoid engaging with suspicious content.
UPDATE: Newer versions of the scam appear to use edited tweets that remove the explicit scam URL from the body of the post while retaining the preview image. This method makes it impossible to identify the fraudulent link without clicking on it. Hovering over the link preview shows only a t.co link shortened by X, preventing users from knowing the final destination.
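For teams monitoring their own brand accounts, the mismatch described above (a preview card showing the official site while the shortened link lands elsewhere) can be checked mechanically. The sketch below is an added example, not code from Eigenlayer, PeckShieldAlert or X. It assumes the redirect chain has already been recorded by a sandboxed resolver, and every host name and t.co path in it is a constructed placeholder.

```python
from urllib.parse import urlsplit

# Assumption: hosts the project really publishes on (placeholders, not from the article).
OFFICIAL_HOSTS = {"project.example", "blog.project.example"}


def host_of(url):
    """Return the lower-cased hostname of a URL, or "" if it has none."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def assess_link(preview_url, redirect_chain, official_hosts=OFFICIAL_HOSTS):
    """Compare what the preview card shows with where the shortened link ends.

    redirect_chain lists the URLs in order, starting at the t.co link, as
    recorded by a resolver that followed redirects without rendering pages.
    Returns a list of findings; an empty list means nothing was flagged.
    """
    findings = []
    shown = host_of(preview_url)
    final = host_of(redirect_chain[-1]) if redirect_chain else ""
    if not final:
        findings.append("destination unresolved: the preview alone proves nothing")
    elif final != shown:
        findings.append(f"preview shows {shown} but link lands on {final}")
    # Exact host match, so official-looking prefixes on another domain fail.
    if final and final not in official_hosts:
        findings.append(f"{final} is not an official host")
    if any(urlsplit(u).scheme != "https" for u in redirect_chain):
        findings.append("redirect chain contains a non-HTTPS hop")
    return findings


# Constructed sample data: card URL plus two recorded redirect chains.
SAMPLE_PREVIEW = "https://blog.project.example/announcement"
SAMPLE_CHAIN_OK = ["https://t.co/XXXXXXXXXX",
                   "https://blog.project.example/announcement"]
SAMPLE_CHAIN_BAD = ["https://t.co/YYYYYYYYYY",
                    "https://claim.project.example.airdrop.test/"]

if __name__ == "__main__":
    for chain in (SAMPLE_CHAIN_OK, SAMPLE_CHAIN_BAD, []):
        print(chain[:1], "->", assess_link(SAMPLE_PREVIEW, chain) or "no findings")
```

The exact-match allowlist is deliberate: the second sample chain ends on a host that begins with the official name but belongs to a different domain, and it is flagged.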