WLFI Tokenholders Targeted in Ethereum EIP-7702 Phishing Exploit
-
World Liberty Financial (WLFI) tokenholders are facing thefts linked to a phishing exploit abusing Ethereum’s new EIP-7702 upgrade, according to blockchain security firm SlowMist founder Yu Xian.
The exploit has surfaced just as the Trump-backed WLFI token launched on Monday with a 24.66 billion total supply.
How the Exploit Works
EIP-7702, part of Ethereum’s May Pectra upgrade, allows regular wallets to act like smart contract wallets, delegating execution rights for smoother transactions.
Hackers are exploiting this by:
Phishing private keys from victims.
Pre-planting a malicious delegate contract into the wallet.
Snatching funds instantly once tokens (such as WLFI) are deposited or gas fees are added.
“It’s again the exploitation of the 7702 delegate malicious contract, with the prerequisite being private key leakage,” Xian explained on X.
He advised users to “cancel or replace the ambushed EIP-7702” and urgently move tokens to safe wallets.
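The delegation Xian refers to can be checked from a wallet's on-chain account code. The sketch below is an added example, not code from the article, SlowMist or WLFI. It relies on the EIP-7702 specification, under which a delegated account's code is the 3-byte prefix 0xef0100 followed by the 20-byte delegate address. The addresses, the allowlist and the sample eth_getCode responses are constructed for illustration.

```python
import json

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator prefix
DESIGNATOR_LEN = 23                          # 3-byte prefix + 20-byte delegate address


def classify_code(code_hex: str) -> dict:
    """Classify account code as 'eoa', 'delegated' or 'contract'."""
    digits = code_hex[2:] if code_hex.lower().startswith("0x") else code_hex
    raw = bytes.fromhex(digits)  # raises ValueError on malformed hex
    if not raw:
        return {"kind": "eoa", "delegate": None}
    if raw.startswith(DELEGATION_PREFIX) and len(raw) == DESIGNATOR_LEN:
        return {"kind": "delegated", "delegate": "0x" + raw[3:].hex()}
    return {"kind": "contract", "delegate": None}


def review_wallet(rpc_response: str, trusted_delegates: set) -> str:
    """Turn a raw eth_getCode JSON-RPC response into a verdict for the wallet owner."""
    body = json.loads(rpc_response)
    if "error" in body:
        raise ValueError(f"RPC error: {body['error']}")
    info = classify_code(body["result"])
    if info["kind"] == "eoa":
        return "no delegation set"
    if info["kind"] == "contract":
        return "address holds contract code, not a 7702 delegation"
    if info["delegate"] in trusted_delegates:
        return f"delegated to trusted contract {info['delegate']}"
    return f"UNRECOGNISED delegate {info['delegate']}: cancel or replace it and move funds"


# Constructed sample data (not real addresses); allowlist entries must be lowercase.
TRUSTED = {"0x" + "11" * 20}
SAMPLE_CLEAN = json.dumps({"jsonrpc": "2.0", "id": 1, "result": "0x"})
SAMPLE_TRUSTED = json.dumps({"jsonrpc": "2.0", "id": 1, "result": "0xef0100" + "11" * 20})
SAMPLE_UNKNOWN = json.dumps({"jsonrpc": "2.0", "id": 1, "result": "0xef0100" + "22" * 20})

if __name__ == "__main__":
    for name, resp in [("clean", SAMPLE_CLEAN), ("trusted", SAMPLE_TRUSTED),
                       ("unknown", SAMPLE_UNKNOWN)]:
        print(name, "->", review_wallet(resp, TRUSTED))
```

An empty result ("0x") is also what a wallet shows after its delegation has been cleared, so the same check confirms that a cancellation took effect.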
Reports From WLFI Holders
WLFI forum users have shared harrowing experiences:
One said he managed to save 20% of his WLFI in a “stressful race against the hacker,” but fears the remaining 80% will be drained on unlock.
Another warned that presale wallets tied to the WLFI whitelist are especially vulnerable, since tokens are instantly stolen by sweeper bots once they arrive.
Some are urging the WLFI team to offer direct transfer options to bypass compromised addresses.
Rising Scam Activity
Security firm Bubblemaps flagged “bundled clones,” smart contracts imitating WLFI and other projects to trick investors.
The WLFI team stressed it never contacts users via DMs and only provides support through verified email domains:
“If you receive a DM claiming to be from us, it is fraudulent and should be ignored.”
Takeaway
The WLFI launch highlights how new Ethereum upgrades can introduce attack surfaces for hackers to exploit — especially when paired with phishing schemes. Tokenholders are urged to use uncompromised wallets, verify official sources, and avoid signing suspicious transactions.
-
This is a textbook case of how new features like EIP-7702 can become double-edged swords. The upgrade was meant to improve UX, but hackers are always first to weaponize anything new. Until wallet providers add stronger safeguards, the safest play is sticking to cold wallets and avoiding any unknown contract approvals.
-
WLFI holders are learning the hard way that phishing + new protocol upgrades = chaos. This isn’t about WLFI itself being a scam — it’s about bad actors exploiting the weakest link (user keys). If you’re still holding in compromised wallets, migrate ASAP or risk losing everything on unlock.
-
Honestly, presale investors getting drained instantly shows just how unprepared a lot of people are for EIP-7702 risks. Delegate contracts sound cool in theory, but for regular users it’s just another attack surface. Education + wallet-level protections need to catch up before more tokens get wrecked.