According to SlowMist founder Yu Xian, hackers are using Ethereum’s EIP-7702 to steal World Liberty Financial tokens. To understand how this happened, let’s understand what this token standard is.
Ethereum’s Pectra upgrade, introduced in May, included EIP-7702, enabling external accounts to temporarily function as smart contract wallets. This allows delegated execution and batch transactions to improve user experience.
Hackers are exploiting this feature by pre-planting malicious delegate contracts in compromised wallets after stealing private keys, often through phishing.
Yu Xian reported on X that hackers embed a controlled address in victims’ wallets. When tokens, such as $WLFI, are deposited, the malicious contract swiftly transfers them out.
“The theft method is again the exploitation of the 7702 delegate malicious contract, with the prerequisite being private key leakage,” Xian noted.
Victim Reports and Community Concerns
WLFI forum users have shared similar experiences. One user, hakanemiratlas, said their wallet was hacked in October, and only 20% of their $WLFI tokens were transferred to a new wallet before the hacker could act.
“It was a stressful race against the hacker. Even sending ETH for gas fees felt risky,” they said, expressing concern that the remaining 80% of their tokens could be stolen once unlocked.
Another user, Anton, highlighted that many who joined the $WLFI whitelist with now-compromised wallets face similar risks.
“The instant the tokens arrive, automated sweeper bots steal them before we can move them to a secure wallet,” Anton explained.
He urged the WLFI team to implement a direct transfer option to mitigate losses.
How To Avoid Being Trapped By The $WLFI Scam?
In the following section we will discuss how you can avoid falling for the $WLFI scam.
The launch of WLFI has generated major buzz, but it has also attracted scammers hoping to exploit the excitement. According to analytics firm Bubblemaps, fraudsters are deploying “bundled clones” of fake smart contracts designed to mimic legitimate projects. Using one of these counterfeit contracts can lead to an irreversible loss of funds.
To help investors avoid traps, here are the official $WLFI smart contract addresses across supported networks:
- Ethereum: 0xdA5e1988097297dCdc1f90D4dFE7909e847CBeF6
- BNB Smart Chain: 0x47474747477b199288bF72a1D702f7Fe0Fb1DEeA
- Solana: WLFinEv6ypjkczcS83FZqFpgFZYwQXutRbxGe7oC16g
Besides fake contracts, social media is also creating fake accounts and posting untrue information in an attempt to lure people into sending money. Always verify before trust.
