Holders of World Liberty Financial (WLFI) tokens are grappling with more than just market fluctuations this week. In a disconcerting twist, hackers have swooped in, exploiting a loophole linked to Ethereum’s recent Pectra upgrade, and draining WLFI tokens via a notorious EIP-7702 phishing attack. This security breach emerges merely a day after WLFI, the Donald Trump-associated governance token, debuted for trading.
A Double-Edged Sword
The crux of the issue lies in EIP-7702, a feature rolled out in May, designed to enhance user convenience by allowing regular wallets to perform like smart contract wallets for batch transactions. While the intention was to streamline processes, it appears to have opened Pandora’s box. Hackers are planting malicious delegate contracts within compromised wallets, which automatically redirect funds to addresses they control once the victim deposits Ethereum or tokens.
Yu Xian, founder of the cybersecurity firm SlowMist, sounded the alarm on Monday. “As soon as you try to transfer away the remaining tokens, the gas you input will be automatically transferred away,” he explained, highlighting that private key leaks, typically stemming from phishing sites, serve as the primary entry point for these attacks.
WLFI’s Rocky Start
WLFI’s launch has been nothing short of tumultuous. The token, which anchors an ecosystem of branded cards and payment services, initially surged to 33.13 cents before plummeting to 24.27 cents, according to CoinGecko data. This precipitous drop compounds the woes of investors, who were already reeling from the security exploit. This volatility in the crypto market echoes sentiments from Trump Media and Crypto.com Deal Sends Cronos Sky-High: These 3 Altcoins Could Be Next, highlighting the unpredictable nature of crypto investments.
In the WLFI community forums, users are sharing harrowing tales of their attempts to salvage their investments. One investor recounted successfully transferring a mere 20% of their tokens to a new wallet, with the remainder still ensnared in a compromised address.
Phishing Frenzy
The WLFI exploit is just one in a series of scams plaguing the crypto landscape. Analytics firm Bubblemaps identified “bundled clones” mimicking WLFI contracts, while phishing links have been spreading like wildfire on platforms such as Telegram and X. These fraudulent tactics are becoming all too common, raising concerns about the broader security implications for crypto markets. This incident also raises questions about the future of traditional investments, as discussed in Given Trump’s Pro-Crypto Stance, Is it Time to Fully Ditch Gold in Favor of Bitcoin?.
“Crypto is evolving at breakneck speed, but so are the threats,” said Marek Olszewski, a blockchain security analyst. “The industry needs to acknowledge these vulnerabilities and implement robust safeguards to protect users.”
Navigating the Uncertain Future
While WLFI holders are left picking up the pieces, the incident shines a spotlight on the broader challenges facing the crypto sector. As the industry continues to chart new territory with innovative technologies, the question remains: Can security measures keep pace with the rapid advancements?
With the Pectra upgrade revealing unforeseen vulnerabilities, Ethereum developers may need to reassess and possibly revise the EIP-7702 protocol. Meanwhile, investors are urged to exercise heightened caution and employ security best practices to safeguard their digital assets.
The WLFI fiasco serves as a stark reminder that while the promise of blockchain technology is vast, so too are the risks involved. As the crypto world navigates this digital frontier, vigilance and adaptability will be key to ensuring a secure and resilient ecosystem.
Source
This article is based on: Holders of Trump’s Crypto Token Targeted by Hackers in Phishing Exploit
Further Reading
Deepen your understanding with these related articles:
- Best Crypto to Buy as Trump Jr. Backs Polymarket With Major Investment
- Competition For Ethereum? Google Cloud Unveils Layer-1 Blockchain
- Ethereum Outpaces Bitcoin as ETF Inflows Top $1.2 Billion Amid Market Lull
Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com when he ran for four years and was able to lead currency.com to being fully acquired in 2025.
