Hackers are stealing World Liberty Financial (WLFI) tokens by exploiting a new Ethereum Pectra upgrade, EIP-7702, according to Yu Xian, Founder of SlowMist.
WLFI, a token supported by the U.S. President Donald Trump and his family, with a total of 24.66 billion tokens, started trading on Monday. Xian explained that hackers are using a phishing exploit enabled by EIP-7702, introduced in the May upgrade. This allows external accounts to temporarily function as smart contract wallets for streamlined transactions.
Xian shared on X that hackers used the EIP-7702 upgrade to secretly set up a hacker-controlled address inside victims’ wallets ahead of time after a private key leak. Then, as soon as someone deposited tokens, they immediately grabbed and stole them.
Xian explained that when users tried to move their tokens, the hackers’ contract also grabbed the transaction fees (gas). Yu Xian advised that to stop hackers, users should cancel or replace the harmful EIP-7702 contract in their wallet and move their tokens out of the hacked wallet to a safe one.
The post also comes amidst people on WLFI forums reporting more token thefts.
WLFI Holders Share Hacking Stories on Its Forums
A user named Hakanemiratlas shared on the forum that his MetaMask wallet was hacked last October while he was asleep. Despite reporting to Uniswap and MetaMask, no help was received, and a suggested recovery company scammed them further.
The user said that only 20% of WLFI tokens were moved to a new wallet; 80% remain at risk in the hacked wallet. He stated that, “Currently, 80% of my WLFI tokens are still stuck in the compromised wallet. I am extremely worried that once they unlock, the hacker might immediately transfer them away.”
The user has asked the WLFI team for help to safely transfer the remaining tokens and urges community support to highlight the issue, fearing others may face similar risks.
Another user, Anton, stated that WLFI’s token drop setup requires using the same wallet for both the whitelist and presale. This makes it easy for automated bots to steal tokens as soon as they arrive.
Scams targeting WLFI are increasing, with Bubblemaps spotting fake “bundled clones” that pretend to be real crypto projects. The WLFI team warned that they never send direct messages and only use official email domains for communication. They have also advised users to double-check sources and be cautious about protecting their tokens from these phishing scams.
Also Read: Trump’s WLFI Token Starts Trading With $5.4 Billion Market Value
