Quick Breakdown:
- World Liberty Financial’s WLFI token holders are targeted by hackers exploiting the Ethereum EIP-7702 upgrade.
- This phishing attack pre-plants malicious contracts into wallets with leaked private keys, enabling swift token theft upon deposit.
- The WLFI team warns users to remain vigilant and avoid direct messages, emphasizing official communication channels only.
World Liberty Financial (WLFI) token holders are enduring substantial losses following a resurgence of a known phishing exploit tied to Ethereum’s EIP-7702 upgrade. Hackers manipulate this feature, which was introduced during Ethereum’s Pectra upgrade in May, which is designed to enhance user transaction efficiency by enabling external accounts to act as smart contract wallets temporarily. However, malicious actors are exploiting this functionality to insert hacker-controlled contracts into compromised wallets, swiftly stealing tokens when users deposit WLFI tokens.
Security expert Yu Xian, founder of SlowMist, identified the attack on social media, explaining that the exploit requires leaked private keys, usually obtained via phishing scams. Once attackers access a wallet’s private key, they pre-implant a delegate smart contract tied to the EIP-7702 upgrade. When victims deposit WLFI tokens, the gas fees and tokens are instantly redirected to the hacker’s address before the owner can finalize transactions.
又遇到一位玩家多个地址的 $WLFI 都被盗事件,看了下盗窃手法,又是 7702 delegate 恶意合约利用,前提也是私钥泄露,黑客在目标钱包地址上提前埋伏好恶意的 7702 delegate 地址,之后将目标地址所有 ETH 及价值 token(比如这里是 $WLFI)转走,一点渣渣都不剩,如果用户转入 ETH 当… https://t.co/YyVvMPwaGM
— Cos(余弦)😶🌫️ (@evilcos) September 1, 2025
Affected users are actively discussing these thefts in WLFI forums, expressing frustration over the automatic draining by “sweeper bots.” One user reported only managing to safely transfer 20% of their tokens before the remaining 80% were stolen. Another raised concerns about the token drop system’s reliance on whitelisted wallets, which exacerbates vulnerability.
In response, the WLFI team has urged token holders to remain cautious of phishing attempts, explicitly stating the project will never contact users through direct messages on social platforms. Official communications are only through verified email domains. The team recommends users secure their private keys and consider moving tokens from compromised wallets immediately.
This ongoing security breach highlights the importance of vigilance in the crypto ecosystem, especially following high-profile token launches. The WLFI community continues to push for solutions, including enhanced token transfer mechanisms, to prevent further exploitations.
Meanwhile, CoinEx OnChain recently officially listed World Liberty Financial (WLFI) WLFI i issued its tokens on September 1, 2025, positioning itself as one of the more controversial but well-funded entries into decentralized finance this year.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”