Hackers are using the ‘classic EIP-7702’ exploit to snatch WLFI

World Liberty Financial token holders are reportedly being drained of their WLFI tokens. One security expert points to a phishing exploit tied to Ethereum contracts.

World Liberty Financial’s (WLFI) governance tokenholders are being hit with a known phishing wallet exploit using Ethereum’s EIP-7702 upgrade, SlowMist founder Yu Xian says.

Ethereum's Pectra upgrade in May introduced EIP-7702, which allows external accounts to temporarily act like smart contract wallets, delegating execution rights and allowing batch transactions, which are aimed at streamlining a user’s experience. 

Xian said in an X post on Monday that hackers are exploiting the upgrade to pre-plant a hacker-controlled address in victim wallets, then, when a deposit is made, they quickly “snatch” the tokens, which in this case, is affecting WLFI tokenholders.

Read more