World Liberty Financial (WLFI) governance token holders are suffering from known phishing wallet exploits using Ethereum’s EIP-7702 upgrade, says Yu Xian, founder of Slowmist.
In May, the Ethereum Pectra upgrade introduced the EIP-7702. This allows external accounts to act like smart contract wallets, delegating execution rights and enabling batch transactions aimed at streamlining the user’s experience.
In an X post on Monday, Xian said the hackers are misusing upgrading hacker-controlled addresses to plants in the victim’s wallet, and then when a deposit is created, he will immediately “take” the tokens affecting the WLFI token holders.
“We’ve come across another player whose WLFIs of multiple addresses have all been stolen. Looking at the stolen method, it’s once again the exploitation of the malicious contract of the 7702 delegate.
sauce: Yusian
The Donald Trump-bound World Liberty Financial (WLFI) tokens began trading on Monday morning with a supply of 24.666 billion tokens.
How it works
As led to an official launch, X users reported on August 31 that their friend had ejected a WLFI token after transferring Ether (ETH) to their wallet.
In the answer, Xian says it is clearly an example of a “classic EIP-7702 phishing exploit” and that the private key was leaked, and the bad actor preplants the representative’s smart contract at the victim’s wallet address connected to the key.
In a previous post, Xian said that private keys are usually stolen through phishing.
“As soon as you try to transfer the remaining tokens within it, such as those WLFIs thrown into a lockbox agreement, the gas you enter will be automatically transferred,” he said.
Xian suggested “cancel or exchange the ambushed EIP-7702 for your own” and proposed transferring the token from the compromised wallet as a possible solution.
Cryptographic users discuss theft on the WLFI forum
Some have reported similar issues on the WLFI forum. One post by Hakanemiratlas under the handle stated that his wallet was hacked last October, and now he worries that his WLFI token is at risk.
“It was a stressful race with hackers that only transferred 20% of WLFI tokens. Even sending gas-for-money ETH could have been stolen immediately, so I felt it was dangerous,” they said.
“Currently, 80% of my WLFI tokens are still stuck in my compromised wallet. I’m very worried that once they unlock, hackers might transfer them soon.”
Another user under Anton’s handle said that many others face similar issues due to how token drops were implemented. The wallet used to join the WLFI whitelist must be used to participate in the pre-sale.
“The moment the token arrives, they are stolen by an automatic sweeper bot before they have the opportunity to move into a secure wallet,” he said.
Anton has also asked WLFI teams to consider implementing a direct token transfer option.
A user under the handle said Anton had placed on the WLFI whitelist and that those who had subsequently infringed their wallets were at risk of losing their tokens. Source: World Liberty Financial
Scammers targeting token launches
Many WLFI scams have appeared in lead-ups and post-token launches. Analytics Firm’s Bubblemaps has identified smart contracts such as several “bundle clones” that mimic established crypto projects.
Meanwhile, the WLFI team is warning that they will not contact them via direct messages on any platforms, using only official support channels via email.
“If you receive a DM claiming it came from us, it is a scam and should be ignored. If you receive an email, always double-check that it comes from one of these official domains before responding,” the WLFI team said.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
