WLFI token theft is a phishing-driven exploit that leverages Ethereum’s EIP-7702 delegate feature to pre-plant a malicious delegate contract in compromised wallets; when tokens arrive, attacker-controlled execution and automated sweeper bots drain newly received WLFI quickly.
Immediate cause: private key leakage enabling EIP-7702 delegate pre-plants.
Attackers use batched delegate execution to auto-sweep tokens as soon as they appear.
Incidents reported across WLFI whitelist wallets; expert comment from SlowMist founder Yu Xian included.
WLFI token theft: EIP-7702 phishing exploit drains wallets — learn how it works and how to secure holdings. Read steps to respond now.
World Liberty Financial token holders are reportedly being drained of their WLFI tokens. One security expert points to a phishing exploit tied to Ethereum contracts.
‘,
‘
🚀 Advanced Trading Tools Await You!
Maximize your potential. Join now and start trading!
‘,
‘
📈 Professional Trading Platform
Leverage advanced tools and a wide range of coins to boost your investments. Sign up now!
‘
];
var adplace = document.getElementById(“ads-bitget”);
if (adplace) {
var sessperindex = parseInt(sessionStorage.getItem(“adsindexBitget”));
var adsindex = isNaN(sessperindex) ? Math.floor(Math.random() * adscodesBitget.length) : sessperindex;
adplace.innerHTML = adscodesBitget[adsindex];
sessperindex = adsindex === adscodesBitget.length – 1 ? 0 : adsindex + 1;
sessionStorage.setItem(“adsindexBitget”, sessperindex);
}
})();
Summary: World Liberty Financial’s (WLFI) governance tokenholders are being hit with a known phishing wallet exploit tied to Ethereum’s EIP-7702 upgrade, according to security researcher Yu Xian. Reports indicate automated sweeper bots and malicious delegate contracts are draining WLFI from compromised whitelist wallets.
WLFI token theft refers to incidents where World Liberty Financial governance tokens are stolen from user wallets after attackers exploit private key leaks and EIP-7702 delegate mechanics. Victims report tokens being swept immediately when deposited, often before owners can react.
EIP-7702 allows externally owned accounts to temporarily delegate execution rights to a contract, enabling batch transactions. Attackers who obtain a private key can pre-install a malicious delegate contract that triggers automated sweeps when tokens arrive. Security researcher Yu Xian (SlowMist) describes this as a “Classic EIP-7702 phishing exploit” requiring prior key exposure.
‘
];
var adplace = document.getElementById(“ads-binance”);
if (adplace) {
var sessperindex = parseInt(sessionStorage.getItem(“adsindexBinance”));
var adsindex = isNaN(sessperindex) ? Math.floor(Math.random() * adscodesBinance.length) : sessperindex;
adplace.innerHTML = adscodesBinance[adsindex];
sessperindex = adsindex === adscodesBinance.length – 1 ? 0 : adsindex + 1;
sessionStorage.setItem(“adsindexBinance”, sessperindex);
}
})();
Source: https://en.coinotag.com/wlfi-holders-may-be-targeted-by-ethereum-eip-7702-phishing-exploit-security-expert-warns/