Hackers are exploiting the 'classic EIP-7702' vulnerability to steal WLFI
Holders of World Liberty Financial (WLFI) governance tokens are falling victim to a wallet phishing attack that exploits Ethereum's EIP-7702 upgrade, according to Yu Xian, the founder of SlowMist.
The Pectra upgrade in May introduced EIP-7702, which lets externally owned accounts temporarily function as smart contract wallets, delegating execution rights and processing batch transactions to improve the user experience. However, hackers exploited this feature to pre-install addresses they controlled in victims' wallets. When funds were deposited, they immediately "drained" the tokens, including WLFI.
Yu Xian stated that many cases of stolen WLFI originate from private key leaks and the exploitation of malicious delegation contracts set up under EIP-7702. He recommends that users cancel or replace the compromised EIP-7702 contracts and quickly transfer tokens out of the compromised wallet.
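A check a wallet owner can run before funding an address, given here as an added example that is not part of the original article: EIP-7702 records a delegation as the 23-byte account code 0xef0100 followed by the delegate address, so the value returned by eth_getCode shows whether a wallet is delegated and to whom. The sample responses and the trusted-delegate list below are constructed placeholders.

```python
"""Classify eth_getCode results to spot EIP-7702 delegations (added example)."""

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator


def classify_account_code(code_hex, trusted_delegates=()):
    """Return (status, delegate) for the hex string returned by eth_getCode.

    status: 'plain_eoa', 'delegated_trusted', 'delegated_untrusted',
    'contract' or 'malformed'.
    """
    text = code_hex.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    try:
        code = bytes.fromhex(text)
    except ValueError:
        return ("malformed", None)
    if not code:
        return ("plain_eoa", None)  # no code: ordinary, undelegated account
    # A delegated EOA holds exactly 23 bytes: prefix + 20-byte delegate address.
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        delegate = "0x" + code[3:].hex()
        trusted = {addr.lower() for addr in trusted_delegates}
        status = "delegated_trusted" if delegate in trusted else "delegated_untrusted"
        return (status, delegate)
    return ("contract", None)  # ordinary deployed contract bytecode


# Constructed eth_getCode responses (placeholders, not real on-chain data).
SAMPLES = {
    "wallet_a": "0x",
    "wallet_b": "0xef0100" + "11" * 20,
    "wallet_c": "0xEF0100" + "22" * 20,
    "token": "0x6080604052",
}
# Hypothetical allowlist of delegate contracts the owner knowingly authorized.
TRUSTED = ["0x" + "11" * 20]


def audit(samples, trusted):
    """Map each labelled account to its classification."""
    return {name: classify_account_code(code, trusted) for name, code in samples.items()}


if __name__ == "__main__":
    for name, result in audit(SAMPLES, TRUSTED).items():
        print(name, *result)
```

A wallet reported as `delegated_untrusted` is the case the recommendation above addresses: under EIP-7702 the owner clears a delegation by signing a new authorization that points to the zero address.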
On WLFI forums, many people reported that they couldn't withdraw tokens because automated bots scanned for and stole them as soon as the tokens arrived in their wallets. Some even lost up to 80% of their WLFI because their wallets were locked.
In addition, the analysis company Bubblemaps discovered many counterfeit WLFI smart contracts used to commit fraud. The WLFI team warns that it will never message users directly, and that users should only trust the official email channel to avoid being scammed.