Hackers Drain Trump’s Crypto Token WLFI Using Shocking New Ethereum Phishing Exploit

Holders of Trump’s Crypto Token Targeted by Hackers in Phishing Exploit

What to know:

  • Hackers exploited a loophole in Ethereum’s Pectra upgrade, draining World Liberty Financial tokens through a phishing exploit.
  • The attack involved a malicious delegate contract that redirects funds to hacker-controlled addresses when victims deposit tokens.
  • Users reported difficulties in rescuing their tokens, with scams and phishing links further complicating the situation.

Falling prices are not the only setback facing World Liberty Financial (WLFI) investors after the token hit trading markets yesterday. Some holders are also having their tokens drained.

Hackers appear to be exploiting a loophole tied to Ethereum's latest Pectra upgrade, emptying wallets of WLFI tokens with a classic phishing exploit based on EIP-7702, security experts have pointed out.

The governance token called WLFI, which is associated with Donald Trump and started trading on Monday with a supply of 24.6 billion units, forms the foundation for a system that includes branded cards and payment services. After reaching a peak of 33.13 cents in its initial trading, the current price of WLFI has fallen to 24.27 cents, as per data from CoinGecko.

The attack traces back to EIP-7702, a feature rolled out in May that allows standard wallets to act as smart contract wallets and batch multiple transactions.

Although designed to improve the user experience, the feature is a double-edged sword: attackers who have compromised a wallet can plant a malicious delegate contract on it. When the unsuspecting owner later deposits ETH or tokens, the delegate contract is triggered automatically and redirects the funds to addresses controlled by the hackers.
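A holder can check a wallet for this condition before funding it: under EIP-7702 a delegated account's code is the 3-byte prefix `0xef0100` followed by the 20-byte delegate address. The following is an added example, not code from the article or from SlowMist; it assumes the input is the hex string a node returns from `eth_getCode`, and the sample values and the allowlist are constructed.

```python
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator
DESIGNATOR_LEN = 23                          # 3-byte prefix + 20-byte address


def classify_code(code_hex, trusted_delegates=()):
    """Classify the hex string returned by eth_getCode for one address.

    Returns (kind, delegate): kind is "eoa", "contract",
    "delegated-trusted" or "delegated-unknown".
    """
    text = code_hex.strip().lower()
    raw = bytes.fromhex(text[2:] if text.startswith("0x") else text)
    if not raw:
        return ("eoa", None)                 # plain wallet, no delegation set
    if len(raw) == DESIGNATOR_LEN and raw.startswith(DELEGATION_PREFIX):
        delegate = "0x" + raw[3:].hex()
        trusted = {d.lower() for d in trusted_delegates}
        kind = "delegated-trusted" if delegate in trusted else "delegated-unknown"
        return (kind, delegate)
    return ("contract", None)                # ordinary deployed contract code


def wallets_to_review(code_by_address, trusted_delegates=()):
    """Map each wallet carrying an unrecognised delegation to its delegate."""
    flagged = {}
    for address, code_hex in code_by_address.items():
        kind, delegate = classify_code(code_hex, trusted_delegates)
        if kind == "delegated-unknown":
            flagged[address] = delegate
    return flagged


# Constructed sample data (not real addresses or on-chain values).
SAMPLE_CODES = {
    "0x" + "aa" * 20: "0x",                          # no code
    "0x" + "bb" * 20: "0xef0100" + "11" * 20,        # unknown delegate
    "0x" + "cc" * 20: "0xEF0100" + "22" * 20,        # allowlisted delegate
    "0x" + "dd" * 20: "0x6080604052",                # regular contract bytecode
}
TRUSTED = ["0x" + "22" * 20]  # hypothetical allowlist of delegates the owner chose

if __name__ == "__main__":
    for wallet, delegate in wallets_to_review(SAMPLE_CODES, TRUSTED).items():
        print(f"{wallet}: unexpected EIP-7702 delegate {delegate}, do not fund")
```

Because the delegation described here is planted with a leaked private key, a wallet flagged by this check should be treated as compromised rather than simply reset.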

On Monday, SlowMist founder Yu Xian drew attention to the problem: multiple WLFI wallets appear to have been compromised, with funds being drained using this method.

As a precaution, be aware that when you attempt to move the remaining tokens, any gas you send to the wallet is transferred out immediately. Private key leaks, which commonly happen through phishing sites, are the usual point of entry for such incidents.

Encountered a player with multiple addresses of their $WLFI tokens being stolen. Upon investigating the theft method, it turned out to be an illicit use of the 7702 delegate contract. This malicious activity also requires private key disclosure, allowing hackers to pre-position malicious 7702 delegate addresses on the target wallet. Subsequently, they transfer all ETH and valuable tokens (such as $WLFI in this case) away, leaving nothing behind. If a user deposits ETH…

— Cos(余弦)😶‍🌫️ (@evilcos) September 1, 2025

On the WLFI forums, users recount efforts to salvage their holdings. One investor said they were able to transfer just 20% of their tokens to a fresh wallet, while the rest remain stuck at a potentially compromised address.

The exploit adds to a surge of scams linked to the start of trading, with analytics company Bubblemaps identifying “bundled replicas” mimicking WLFI contracts. Phishing links have also been spread across Telegram and other platforms.

2025-09-02 11:30