Hackers Strike WLFI Tokenholders with EIP-7702 Exploit

A new wave of attacks is targeting World Liberty Financial (WLFI) tokenholders, leveraging a known exploit tied to Ethereum's EIP-7702 upgrade. This exploit allows hackers to sneak into user wallets and steal tokens as soon as they are deposited.

Exploit Details

The issue was highlighted by Yu Xian, founder of SlowMist, who pointed out that multiple addresses have been compromised this way.

Ethereum's Pectra upgrade in May introduced EIP-7702, a feature that lets external accounts temporarily act like smart contract wallets. This upgrade was meant to make transactions smoother, but hackers have found a way to abuse it.

• Hackers plant a malicious contract in a victim's wallet.
• They wait for a deposit.
• Once the tokens arrive, they are quickly stolen.

WLFI Token Launch and Thefts

WLFI, a token backed by Donald Trump, started trading on Monday with a total supply of 24.66 billion tokens. However, the excitement around its launch was overshadowed by reports of thefts.

• Users have been sharing their experiences on forums, describing how their tokens were drained as soon as they tried to move them.
• One user reported that only 20% of their WLFI tokens were successfully transferred to a new wallet, while the rest remained at risk.
• Another user mentioned that the moment tokens arrive in a compromised wallet, automated bots steal them before the owner can react.

This has led to calls for the WLFI team to implement a direct transfer option to protect users.

Scams and Warnings

Scams have also been rampant around the WLFI token launch.

• Fake support channels and look-alike smart contracts have been identified.
• The WLFI team has warned users about fraudulent messages.
• They advised users to only use official email channels for support and to be cautious of any direct messages claiming to be from the team.