Quick Breakdown
- WLFI blocked hacking attempts at launch by blacklisting compromised wallets onchain.
- Scammers created fake WLFI smart contracts to mislead investors.
- Security experts warn that Ethereum’s EIP-7702 upgrade is being exploited in phishing attacks.
World Liberty Financial (WLFI), a decentralized finance project linked to Donald Trump, said it thwarted hacking attempts during its token launch by blacklisting compromised wallets.
Blacklisting Prevents Lockbox Exploit
WLFI revealed on Wednesday that a designated wallet carried out “mass blacklisting” transactions ahead of its token debut. The move targeted accounts flagged as compromised, many due to private key leaks. According to the team, this action was not a protocol exploit but an end-user security issue.
TLDR /
$WLFI launch = historic success 🦅• Day-1 listings across top DEXs & CEXs
• Zero tokens moved early
• Early retail prioritized above founders
• Still trading above $0.20 initial list despite $6B+ volume
• No team sales, only presale unlocks
• Circulating supply:…— WLFI (@worldlibertyfi) September 2, 2025
The project noted that the blacklisting step safeguarded its Lockbox, a vesting mechanism protecting locked token allocations. Two Etherscan records shared by the team showed the blacklist in action, preventing hackers from siphoning tokens. WLFI said it is also assisting affected users in regaining control of their accounts.
Token Launch Draws Hackers and Scammers
On Monday, WLFI unlocked 24.6 billion tokens as trading opened for the first time. The milestone immediately attracted hackers and scammers, with malicious actors setting up fake “bundled clone” contracts to trick users into interacting with fraudulent versions of the project. Blockchain analytics firm Bubblemaps confirmed the discovery.
Security Flaws in EIP-7702 Exploited
Yu Xian, founder of security firm SlowMist, warned that WLFI holders have also fallen victim to a phishing method exploiting Ethereum’s new EIP-7702 standard. Introduced in May under the Pectra upgrade, EIP-7702 allows externally owned accounts to act like smart contracts. While designed to improve user experience, it also created a new attack vector.
Xian explained that attackers insert hacker-controlled addresses into victim wallets via signatures, enabling them to drain tokens once deposits are made. Security experts continue to flag EIP-7702 as a growing risk across the Ethereum ecosystem.
In response, the WLFI team has urged token holders to remain cautious of phishing attempts, explicitly stating the project will never contact users through direct messages on social platforms. Official communications are only through verified email domains. The team recommends users secure their private keys and consider moving tokens from compromised wallets immediately.
If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”