Hackers Exploit Ethereum’s EIP-7702 to Target WLFI: Token Holders Lose Funds

Holders of World Liberty Financial (WLFI) tokens, a project backed by Donald Trump, have become the latest victims of a wave of attacks. According to security firm SlowMist, hackers are using a classic phishing exploit tied to EIP-7702, introduced in Ethereum’s Pectra upgrade this May.

How the EIP-7702 Exploit Works EIP-7702 allows regular accounts (EOAs) to temporarily act as smart contract wallets – enabling delegated execution rights and batch transactions. While designed to streamline the Ethereum user experience, the feature has opened the door to abuse. Yu Xian, founder of SlowMist, explained that attackers pre-inject their own malicious contract address into victims’ wallets. When the victim deposits funds, the attacker immediately seizes control and transfers the tokens away. In practice, once a private key is leaked, the wallet becomes fully compromised. “I’ve seen another case where all WLFI tokens across multiple addresses were stolen. Again, this was an exploit of a malicious EIP-7702 delegate contract,” said Xian.

WLFI Holders Trapped The WLFI token began trading on Monday morning with a total supply of 24.66 billion tokens. Yet, even before the launch, users on WLFI forums were reporting troubling cases. 🔹 One user said hackers drained all WLFI tokens after he transferred Ether into his wallet to cover gas fees

🔹 Another investor managed to move only 20% of his WLFI into a new wallet, while the remaining 80% stayed trapped in a compromised address

🔹 Others warned that the whitelist presale process forced tokens to be sent to wallets that may have already been exposed Some investors even claim that their tokens were drained by automated bots before they had a chance to move them to secure wallets.

Proposed Solutions and Security Risks Xian suggested either revoking or replacing EIP-7702 or, at the very least, moving assets immediately from compromised wallets. While complex, he noted it may be the only way to mitigate further losses. Analytics firm Bubblemaps also identified dozens of “WLFI clones” – fraudulent smart contracts mimicking legitimate projects to lure unsuspecting investors.

WLFI Team Issues Warning The official WLFI team has reminded users that it never contacts holders via private messages on any platform. The only official support channels remain verified email addresses. “If you receive a DM claiming to be us, it’s fraudulent and should be ignored. For emails, always double-check that they come from one of our official domains,” the WLFI team said.

Summary The WLFI attacks highlight how easily new technological features – such as Ethereum’s EIP-7702 – can be exploited by hackers. What was meant to improve the user experience has turned into a nightmare for many WLFI holders. Security experts warn that every leaked private key is an open door for attackers, and more wallets may be at risk in the coming days.

#CryptoSecurity , #Ethereum , #CyberSecurity , #WLFI , #phishingscam

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies! Notice: ,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“