Hackers Exploit Ethereum Flaw to Target Trump-Linked WLFI Token Holders
World Liberty Financial (WLFI), the Trump-affiliated DeFi token, is facing security threats just a day after its trading debut, as attackers exploit a loophole linked to Ethereum’s recent Pectra upgrade. Security firms are calling the breach a “classic EIP-7702 phishing exploit.”
WLFI, which launched Monday with a 24.6 billion token supply and powers an ecosystem of branded payment cards and services, initially surged to 33.13 cents before dropping to 24.27 cents, according to CoinGecko.
The vulnerability stems from EIP-7702, which allows standard wallets to act like smart contract wallets for batch transactions. Hackers can insert malicious delegate contracts into compromised wallets, automatically redirecting ETH or WLFI deposits to their addresses.
Yu Xian, founder of SlowMist, confirmed that multiple WLFI wallets have been drained using this method. He warned that even attempts to transfer remaining tokens can result in automatic losses, typically triggered by phishing attacks targeting private keys.
Investors have reported partial recoveries, moving only portions of their holdings to secure wallets. Meanwhile, additional scams have emerged, including cloned WLFI contracts and phishing links circulating on Telegram and X, underscoring the ongoing risks following the token’s high-profile launch.
