WLFI Token Holders Lose Millions in New Ethereum Phishing Attack

Market News

Hackers are exploiting Ethereum’s EIP-7702 upgrade to install malicious smart contracts in compromised wallets.

World Liberty Financial (WLFI) holders are prime targets, with attackers using previously stolen private keys to drain wallets.

The holders of World Liberty Financial tokens are at a high risk of being victims of cybercrime because hackers take advantage of the recent upgrade of Ethereum. Security researcher Yu Xian says hackers are exploiting EIP-7702 vulnerabilities to drain WLFI tokens from compromised wallets. The attacks are directed at those users who have already shared their private keys via phishing attacks or data breaches.

Technical Attack Method Revealed

The exploit takes advantage of the Ethereum Pectra upgrade capability to enable external accounts to act as smart contract wallets in the short term. Using leaked private keys that have been obtained during previous phishing, criminals pre-install malicious smart contracts into the wallets of victims. In instances where the victims make efforts to transfer tokens or to add gas fees, automated systems instantly redirect money to addresses controlled by attackers.

Security researchers refer to this as a classic EIP-7702 phishing exploit in which stolen credentials allow continued wallet compromise. The attack is especially effective with users whose private keys had been compromised before, but still used the same wallet addresses. Victims report that they lost significant WLFI holdings even though they thought that their wallets were safe after they had first been lost.

The residents of the area talk about desperate efforts to save the few tokens by transferring them to new addresses as fast as possible. A victimised user was able to transfer a fifth of the holdings but was robbed of the remaining 80% by automated theft systems. The competitive nature of the racing adds extra pressure to the game because users are forced to race against advanced bot networks that are tailored to extract funds instantly.

The Trump-approved DeFi exchange was launched on Monday, and it started with 24.66 billion tokens in circulation, which instantly drew both genuine investors and bad actors. There are various copycat projects and scams that have cropped up alongside the legitimate token launch, making it hard to ensure the safety of the users.

Officials of World Liberty Financial point out that they do not send direct messages and only use verified email domains. The user who has been compromised on their wallets should also generate new addresses as soon as possible and not send money to the compromised wallets. To avoid future cases, security experts suggest cancelling EIP-7702 delegations and improving the security measures of wallets.

Highlighted Crypto News Today:

MemeCore (M) Price Becomes Top Daily Performer With 36% Intraday Gains

Shubham Sahu is a crypto journalist and writer with extensive experience covering blockchain technology, digital currencies, and AI. With over seven years in financial markets, Shubham began his journey in traditional trading before uncovering his passion for the crypto verse. After making his first crypto investment in 2021, Shubham combines practical market experience with deep technical knowledge to provide insightful analysis and commentary.

Source: https://thenewscrypto.com/wlfi-token-holders-lose-millions-in-new-ethereum-phishing-attack/