SlowMist said in a post on X that it was commissioned as an independent third party to investigate the recent incident that led to the theft of 1.67 million EIGENs. After a thorough investigation, SlowMist concluded that the incident stemmed from an external malicious attack: an investor in Eigen Labs became the victim of a phishing attack, resulting in the compromise of the email account of an employee of the investor. This allowed the attacker to access email threads between the investor, Eigen Labs, and the custodian, who discussed transferring EIGEN to a custodian who would hold the tokens on behalf of the investor. EigenLayer reiterated that the incident did not affect the official website, any protocols or token smart contracts, nor was it related to any on-chain functionality. Its internal investigation included a thorough review of the token transfer approval process to assess any process errors that led to the incident and determine what improvements are needed to minimize future risks.