Yu Xian, founder of SlowMist, said that holders of the World Liberty Financial (WLFI) governance token are being targeted by attacks that exploit a known wallet phishing vulnerability tied to Ethereum's EIP-7702 upgrade.
The Pectra upgrade in May introduced EIP-7702, which lets externally owned accounts temporarily operate like smart contract wallets, delegating execution permissions and enabling batch transactions, with the aim of simplifying the user experience.
Yu Xian mentioned in a post on the X platform on Monday that hackers are leveraging this upgrade to pre-implant hacker-controlled addresses in victims' wallets, and when deposits occur, they quickly "swoop in" to steal tokens, affecting WLFI token holders in this case.
"Another player encountered, all WLFI from multiple addresses were stolen. Looking at the theft method, it again utilized the 7702 delegation of malicious contracts, provided that the private key was leaked," Yu Xian said.
The World Liberty Financial (WLFI) token, supported by Donald Trump, began trading on Monday morning, with a total supply of 24.66 billion tokens.
Before the official launch, an X user reported on August 31 that a friend had their WLFI tokens stolen after transferring Ether (ETH) into their wallet.
In response, Yu Xian stated that this is clearly an example of the "classic EIP-7702 phishing vulnerability," where the private key was leaked, and malicious actors subsequently pre-implanted delegated smart contracts in the victim's wallet address connected to that key.
In previous posts, Yu Xian indicated that private keys are often stolen through phishing.
"Once you try to transfer the remaining tokens, like those locked in the Lockbox contract, the gas fees you input will be automatically redirected," he said.
Yu Xian suggested "cancelling or replacing the ambushed EIP-7702 with your own" and transferring tokens from the compromised wallet as a possible solution.
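A defender-side check for the pre-implanted delegation described above, added here as an example and not taken from the article or the projects it names: an account delegated under EIP-7702 returns the 23-byte code `0xef0100` followed by the delegate address from `eth_getCode`, so a wallet can be audited before any funds are sent to it. The wallet addresses, sample responses and allowlist below are constructed placeholders.

```python
import json

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation indicator
DELEGATION_LEN = 23                           # 3-byte prefix + 20-byte address


def get_code_request(address, request_id=1):
    """Build the JSON-RPC body for eth_getCode at the latest block."""
    return json.dumps({"jsonrpc": "2.0", "id": request_id,
                       "method": "eth_getCode", "params": [address, "latest"]})


def classify_code(code_hex):
    """Classify an eth_getCode result as (kind, delegate_address_or_None)."""
    raw = bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)
    if not raw:
        return ("plain_eoa", None)
    if len(raw) == DELEGATION_LEN and raw.startswith(DELEGATION_PREFIX):
        return ("delegated_eoa", "0x" + raw[3:].hex())
    return ("contract", None)


def audit_wallets(code_by_wallet, trusted_delegates=frozenset()):
    """Return findings for wallets delegated to a contract not on the allowlist."""
    trusted = {d.lower() for d in trusted_delegates}
    findings = []
    for wallet, code_hex in code_by_wallet.items():
        kind, delegate = classify_code(code_hex)
        if kind == "delegated_eoa" and delegate not in trusted:
            findings.append({"wallet": wallet, "delegate": delegate})
    return findings


# Constructed sample data: placeholder addresses, not real on-chain values.
SAMPLE_CODES = {
    "0x" + "11" * 20: "0x",                    # no code: ordinary EOA
    "0x" + "22" * 20: "0xef0100" + "ab" * 20,  # delegated to an unknown contract
    "0x" + "33" * 20: "0xef0100" + "cd" * 20,  # delegated to an allowlisted contract
    "0x" + "44" * 20: "0x6080604052",          # ordinary contract bytecode
}

if __name__ == "__main__":
    for finding in audit_wallets(SAMPLE_CODES, {"0x" + "cd" * 20}):
        print("unexpected EIP-7702 delegation:", finding)
```

A wallet that shows up in the findings has a delegation its owner did not set, which is the condition Yu Xian advises cancelling or replacing before moving tokens.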
Some individuals reported similar issues on the WLFI forum. A user named hakanemiratlas stated that their wallet was hacked last October, and they are now concerned about the risk to their WLFI tokens.
"I only managed to transfer 20% of my WLFI tokens to a new wallet, but it’s a tense race against the hacker. Even sending ETH as gas feels dangerous because it could also be stolen immediately," they said.
"Currently, 80% of my WLFI tokens are still trapped in the compromised wallet. I am extremely worried that once they are unlocked, the hacker might transfer them immediately."
Another user named Anton mentioned that many others are facing similar issues due to the way the token airdrop was implemented. The wallet used to join the WLFI whitelist must also be used to participate in the presale.
"As soon as the tokens arrive, they are automatically scanned by bots and stolen before we have a chance to transfer them to a secure wallet," he said.
Anton also urged the WLFI team to consider implementing a direct transfer option for the tokens.
Numerous WLFI scams emerged before and after the token release. The analytics company Bubblemaps identified several "bundle clones"—imitation smart contracts mimicking established crypto projects.
Meanwhile, the WLFI team warned that it will not contact anyone through private messages on any platform, and the only official support channel is via email.
"If you receive a private message claiming to be from us, it is fraudulent and should be ignored. If you receive an email, please be sure to check carefully that it comes from one of these official domains before replying," the WLFI team stated.
Original text: “Security Experts: Hackers are Exploiting Ethereum's 'EIP-7702' Vulnerability to Steal WLFI Tokens”