Holders of Trump’s Crypto Token Targeted by Hackers in Phishing Exploit

Falling prices aren’t the only losses World Liberty Financial (WLFI) holders are facing just a day after the token went live for trading.

Hackers are apparently exploiting a loophole tied to Ethereum’s recent Pectra upgrade, draining WLFI tokens through what security firms are calling a “classic EIP-7702 phishing exploit.”

WLFI, the Donald Trump–linked governance token that began trading Monday with a 24.6 billion supply, anchors an ecosystem of branded cards and payment services. After rising to as high as 33.13 cents after its trading debut, the WLFI price has dropped to 24.27 cents, CoinGecko data show.

The attack vector can be traced back to EIP-7702, a feature introduced in May that enables regular wallets to function like smart contract wallets for batch transactions.

While meant to improve user experience, it has become a double-edged sword as attackers can plant a malicious delegate contract inside a compromised wallet. When the victim then deposits ETH or tokens, the contract automatically routes the funds to hacker-controlled addresses.

SlowMist founder Yu Xian flagged the issue on Monday, saying multiple WLFI wallets were drained using the method.

“As soon as you try to transfer away the remaining tokens … the gas you input will be automatically transferred away,” he warned, noting that private key leaks, often through phishing sites, are the typical entry point.

Users in WLFI forums describe attempts to rescue their allocations. One investor said they managed to move only 20% of their tokens to a new wallet, with the rest still trapped in a compromised address.

The exploit adds to a rash of scams surrounding the start of trading. Analytics firm Bubblemaps flagged “bundled clones” imitating WLFI contracts, while phishing links have circulated on Telegram and X.