{"id":48968,"date":"2025-09-02T10:15:00","date_gmt":"2025-09-02T07:15:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=48968"},"modified":"2025-09-02T10:15:14","modified_gmt":"2025-09-02T07:15:14","slug":"hackers-exploit-smart-wallets-to-steal-wlfi-tokens","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hackers-exploit-smart-wallets-to-steal-wlfi-tokens\/","title":{"rendered":"Hackers Exploit Smart Wallets to Steal WLFI Tokens"},"content":{"rendered":"<p>Hackers are exploiting a vulnerability in an Ethereum update to steal World Liberty Financial (WLFI) tokens, according to SlowMist founder Yu Xian.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"zh\" dir=\"ltr\">\u53c8\u9047\u5230\u4e00\u4f4d\u73a9\u5bb6\u591a\u4e2a\u5730\u5740\u7684 <a href=\"https:\/\/twitter.com\/search?q=%24WLFI&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$WLFI<\/a> \u90fd\u88ab\u76d7\u4e8b\u4ef6\uff0c\u770b\u4e86\u4e0b\u76d7\u7a83\u624b\u6cd5\uff0c\u53c8\u662f 7702 delegate \u6076\u610f\u5408\u7ea6\u5229\u7528\uff0c\u524d\u63d0\u4e5f\u662f\u79c1\u94a5\u6cc4\u9732\uff0c\u9ed1\u5ba2\u5728\u76ee\u6807\u94b1\u5305\u5730\u5740\u4e0a\u63d0\u524d\u57cb\u4f0f\u597d\u6076\u610f\u7684 7702 delegate \u5730\u5740\uff0c\u4e4b\u540e\u5c06\u76ee\u6807\u5730\u5740\u6240\u6709 ETH \u53ca\u4ef7\u503c token\uff08\u6bd4\u5982\u8fd9\u91cc\u662f $WLFI\uff09\u8f6c\u8d70\uff0c\u4e00\u70b9\u6e23\u6e23\u90fd\u4e0d\u5269\uff0c\u5982\u679c\u7528\u6237\u8f6c\u5165 ETH \u5f53\u2026 <a href=\"https:\/\/t.co\/YyVvMPwaGM\">https:\/\/t.co\/YyVvMPwaGM<\/a><\/p>\n<p>\u2014 Cos(\u4f59\u5f26)\ud83d\ude36\u200d\ud83c\udf2b\ufe0f (@evilcos) <a href=\"https:\/\/twitter.com\/evilcos\/status\/1962534941901902057?ref_src=twsrc%5Etfw\">September 1, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to him, the attackers are exploiting <span data-descr=\"Ethereum Emrpovement Proposal \u2014 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043f\u043e \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u0438\u044e Ethereum\" class=\"old_tooltip\">EIP<\/span>-7702. The attack unfolds in several stages. Initially, hackers obtain the victim&#8217;s wallet private key, typically through phishing.<\/p>\n<p>They then deploy a malicious delegate contract. As soon as the user funds the account, for instance, by receiving WLFI tokens or depositing ETH for gas fees, a bot automatically transfers all assets to the fraudsters&#8217; address.<\/p>\n<p>The <a href=\"https:\/\/forklog.com\/en\/news\/account-abstraction-angst-how-the-pectra-upgrade-made-life-easier-for-hackers\">EIP-7702<\/a> feature was introduced in the <a href=\"https:\/\/forklog.com\/en\/news\/pectra-steering-ethereum-toward-scale-and-mass-adoption\">Pectra<\/a> update in May. It was intended to simplify wallet operations by allowing them to temporarily act as smart contracts and execute batch transactions.<\/p>\n<h2 class=\"wp-block-heading\">Fraudsters and WLFI<\/h2>\n<p>Trading of the WLFI token from the DeFi project <a href=\"https:\/\/forklog.com\/en\/news\/trump-family-secures-control-over-world-liberty-financial\">linked to the Trump family<\/a>, World Liberty Financial, <a href=\"https:\/\/forklog.com\/en\/news\/wlfi-market-capitalisation-reaches-8-3-billion-following-exchange-listing\">began<\/a> on September 1.<\/p>\n<p>On the project&#8217;s forums, victims confirm the issue. One of them <a href=\"https:\/\/governance.worldlibertyfinancial.com\/t\/urgent-wlfi-tokens-at-risk-due-to-past-wallet-hack-requesting-official-support\/41198\">reported<\/a> that he managed to withdraw only 20% of his WLFI in a &#8220;race&#8221; with the hacker. The remaining 80% are locked in a compromised wallet. He fears losing them immediately upon unlocking.<\/p>\n<p>Another user <a href=\"https:\/\/governance.worldlibertyfinancial.com\/t\/urgent-security-proposal-for-the-lockbox-a-safer-claiming-process-for-all-users\/41214\">explained<\/a> that the problem is exacerbated by the token sale conditions. Participation in the presale required using a whitelisted wallet. Many of these wallets may have been compromised long before the event.<\/p>\n<h2 class=\"wp-block-heading\">How to Protect Yourself<\/h2>\n<p>Xian suggested a possible solution: users should cancel or replace the malicious delegate contract in the wallet with their own. After that, they should immediately transfer all assets to a new address.<\/p>\n<p>In the wake of the token launch, other fraudsters have also become active. Analytical firm Bubblemaps discovered several smart contracts mimicking well-known crypto projects.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">WATCH OUT: \ud83d\udea8 <a href=\"https:\/\/twitter.com\/search?q=%24WLFI&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$WLFI<\/a> is live and bundled clones are everywhere<\/p>\n<p>Be careful what you buy <a href=\"https:\/\/t.co\/F91ubhcK52\">https:\/\/t.co\/F91ubhcK52<\/a> <a href=\"https:\/\/t.co\/bHpe87F3uC\">pic.twitter.com\/bHpe87F3uC<\/a><\/p>\n<p>\u2014 Bubblemaps (@bubblemaps) <a href=\"https:\/\/twitter.com\/bubblemaps\/status\/1962502055983259886?ref_src=twsrc%5Etfw\">September 1, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The WLFI team <a href=\"https:\/\/governance.worldlibertyfinancial.com\/t\/important-security-notice-beware-of-scams\/40935\">warned<\/a> that they never message users directly, and official support is only available via email.<\/p>\n<p>Back in June, the Trump family DeFi project <a href=\"https:\/\/forklog.com\/en\/news\/world-liberty-financial-distributes-usd1-stablecoin-in-airdrop\">conducted<\/a> a USD1 stablecoin airdrop among WLFI holders.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers are exploiting a vulnerability in an Ethereum update to steal World Liberty Financial (WLFI) tokens, according to SlowMist founder Yu Xian.<\/p>\n","protected":false},"author":1,"featured_media":48969,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"Hackers exploit Ethereum update to steal WLFI tokens, says SlowMist founder.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,46,1770],"class_list":["post-48968","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-ethereum","tag-world-liberty-financial-wlfi"],"aioseo_notices":[],"amp_enabled":true,"views":"412","promo_type":"","layout_type":"","short_excerpt":"Hackers exploit Ethereum update to steal WLFI tokens, says SlowMist founder.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/48968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=48968"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/48968\/revisions"}],"predecessor-version":[{"id":48970,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/48968\/revisions\/48970"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/48969"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=48968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=48968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=48968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}