WLFI Token Holders Targeted by EIP-7702 Exploit Following Token Launch

TLDR

• Hackers are using the EIP-7702 exploit to drain WLFI tokens from vulnerable wallets.

• The EIP-7702 exploit relies on private key leaks, enabling token theft during transactions.

• WLFI users have reported significant thefts in forums, with hackers quickly sweeping tokens.

• World Liberty Financial warns of phishing attacks and urges users to double-check official communication.

World Liberty Financial’s (WLFI) token holders are falling victim to a known phishing exploit tied to Ethereum’s EIP-7702 upgrade. The exploit, which takes advantage of a feature introduced during Ethereum’s Pectra upgrade in May, allows external accounts to temporarily act like smart contract wallets. This can delegate execution rights and enable batch transactions, potentially making the user experience smoother. However, hackers are exploiting this to drain tokens from unsuspecting victims’ wallets.

Yu Xian, founder of the security firm SlowMist, identified the attack as a classic example of the EIP-7702 phishing exploit. In a recent X post, Xian explained that attackers pre-plant a hacker-controlled address into a victim’s wallet, often after the victim’s private key has been compromised. Once the victim deposits WLFI tokens into their wallet, the malicious contract quickly “snatches” the tokens.

Xian confirmed in the post that he had seen multiple WLFI holders report stolen tokens from their wallets, pointing to a consistent pattern of phishing attacks.

WLFI Exploit Details and How It Works

The EIP-7702 exploit works by exploiting private key leakage, typically through phishing attacks. Once an attacker has access to the victim’s private key, they can insert a delegate smart contract into the wallet. This allows the attacker to control the victim’s funds when they attempt to transfer them.

The issue occurs when a user attempts to move World Liberty Financial tokens that were stored in a Lockbox contract. Due to the exploit, any gas fees the victim inputs for transferring tokens are automatically transferred to the hacker-controlled address. The attacker is thus able to snatch the WLFI tokens before the victim can complete the transaction.

Xian advised users to cancel or replace the compromised EIP-7702 contract with their own to prevent further theft. Transferring tokens out of a compromised wallet as quickly as possible is another suggested mitigation method.

Phishing Attacks Spread Across WLFI Communities

The phishing attack is not isolated to a few cases. Multiple users have reported similar issues in WLFI forums, with one user named hakanemiratlas describing the difficulty in moving WLFI tokens to a new wallet after his wallet was compromised. Despite successfully transferring a portion of his tokens, the user’s wallet remained vulnerable, with 80% of his World Liberty Financial still stuck.

In another forum post, user Anton warned that the automated nature of the exploit meant that the tokens were quickly drained by “sweeper bots” as soon as they were deposited. He requested that the WLFI team implement a direct transfer option to prevent such thefts in the future. The WLFI community has been particularly concerned about the initial token drop mechanism, which requires a whitelisted wallet to participate in the presale.

The attack method has left many in the community anxious about the safety of their holdings, especially with the WLFI tokens still being locked and vulnerable to exploitation.

Warnings and Security Measures from World Liberty Financial Team

The World Liberty Financial team has warned users to be vigilant about phishing scams, particularly in the wake of the recent token launch. The team clarified that WLFI will never contact users through direct messages or social media platforms, and any such communication is likely to be fraudulent.

“Any email communication should be verified through official WLFI domains,” the team said, stressing that users should be cautious and avoid responding to suspicious inquiries.

Despite the ongoing security challenges, the WLFI team is actively addressing the issues, and security experts are recommending that token holders secure their private keys to prevent further attacks. The ongoing discourse within the community reflects growing concerns over the security of token assets following this exploit.

The post WLFI Token Holders Targeted by EIP-7702 Exploit Following Token Launch appeared first on CoinCentral.