EigenLayer has being investigated for the unlawful sale of 1.67 million EIGEN tokens, which has prompted the investigation. According to reports, the tokens were sold via the use of MetaMask, which raised significant questions over the token's security and compliance with the internal protocol. A violation of EigenLayer's tight one-year lockup term for staff and early investors is suspected to have occurred upon the sale of the company.

Because to EigenLayer's lockup policy, current and past employees, as well as early investors, are not authorized to sell or stake their EIGEN tokens until September 2025. This restriction applies to both current and former employees. Only four percent of the recipient's tokens will become available for use each month after that date, and the full vesting is anticipated to take place in September of 2027.

Because EIGEN tokens had just recently been distributed during an airdrop commencing on May 10, 2024, the wallet that was utilized for the sale was still subject to its one-year lockup period. It is because of this that concerns have been raised over the internal compliance processes and token security aspects of the system.

Additionally, the sale occurs at the same time when the market capitalization of EigenLayer's token is increasing. On October 1st, the EigenLayer token was made available to users. It soon became one among the top 100 tokens in terms of market worth, with a fully diluted market capitalization of $7.2 billion within its first few days of existence.

A hacker took advantage of a security hole, which resulted in the transfer of 1.67 million EIGEN tokens, according to the information provided by EigenLayer. An investor's email that detailed a token transfer to a custodian address was allegedly taken over by a hostile actor, as stated by the protocol.

The hacker altered the address that was included in the email, which resulted in the tokens being sent to their wallet. The attacker first obtained one token, and then, twenty-six hours later, transferred the remaining 1,673,644 EIGEN tokens, all of which originated from an address that used multiple signatures. Several sites, including HitBTC, were used in the process of laundering the stolen tokens, with the bulk of the cash being changed into stablecoins such as USDC and USDT.

Immediately after the assault, EigenLayer provided consumers with the assurance that the event was a singular occurrence and did not represent a more widespread vulnerability within the protocol. In addition, the researchers underlined that the security breach was confined to the hacked email, and that there was no weakness discovered in the fundamental infrastructure of the protocol whatsoever.

Nevertheless, the issue of security vulnerabilities associated with token vesting and distribution has been brought to light as a result of the sale and the following assault. According to a statement made by the EigenLayer team, they are collaborating closely with blockchain security companies in order to investigate the breach and avoid such events in the future.