Pectra exploit hits WLFI token wallets after record-setting distribution

The distribution of WLFI tokens may face an unexpected setback, as a Pectra exploit may make certain wallets vulnerable. Reports have already surfaced of drained wallets and losses. 

Malicious actors may be abusing a vulnerability of Ethereum’s Pectra upgrade to steal WLFI tokens as they were distributed to end users. Reports have surfaced of wallets drained of incoming funds, putting the reputation of WLFI further at risk.

As Cryptopolitan reported, the World Liberty Fi distribution was one of the biggest events on Ethereum, pushing the price of gas above 100 gWei.

For now, the token distribution wallets themselves are safe, and the losses stem from individual reports of compromised wallets. The founder of SlowMist tracked the exploits in the past couple of days, as WLFI was just being moved between wallets. The token’s contract itself is not compromised, though the asset has seen some turbulent trading. 

The exploiters use the Pectra EIP-7702 update, which allows wallets to give preliminary permission to smart contracts. The exploit uses the smart wallet feature, which allows permission for moving tokens. However, the ability to steal WLFI still requires a compromised private key. 

Pectra EIP-7702 combined with malicious fishing

The Pectra EIP-7702 upgrade has been a known risk since it allows wallet holders to give approval for smart contract execution. The initial idea was to turn each wallet into a hub for smart contract execution, presuming all interactions were researched and vetted. 

Despite this, the upgrade turned into a security risk as thousands of wallets gave access to malicious actors. Automated wallet sweeper contracts were among the leading apps to request access, and wallet users gave approvals through phishing links.

WLFI is not the most valuable token, but it has been targeted among other wallet contents. The token is spread to over 83K wallets, and some may have been affected by giving permission to drainers. 

Current estimates show around 100 wallets were affected, making them potentially compromised for any tokens. The list of compromised wallets has been made public, with the potential to warn users from interacting with other protocols.

Data also showed the wallets were prepared for draining even before the expected WLFI distribution. While compromised wallets can be attacked at any moment, the presence of a high-profile token unlock made the attack vector more visible.

So far, World Liberty Fi has not responded with a proposal to freeze funds or perform renewed KYC to re-issue the tokens. 

WLFI dumped by whale holders

The WLFI unlock led to rapid selling, as the token traded much higher than its initial distribution price. While some high-profile whales like Justin Sun announced their readiness to hold, other whales realized profits with quick selling. 

WLFI started trading above $0.31, but crashed as low as $0.31 after the initial selling. The token later recovered to $0.25. 

Data shows early buyer insiders are selling. The drained wallet funds may also end up being sold rapidly. 

WLFI is also pressured by derivative trading, especially risky on low-liquidity DEX pairs. On Hyperliquid, the token was shorted by 12 out of 19 whales. One of the fears is that manipulating whales may pump prices to liquidate those short positions. Hyperliquid trader Techno Revenant, known for his XPL trades, also made $45M from WLFI positions. 

Get $50 free to trade crypto when you sign up to Bybit now