-
Back to menu
Prices
-
Back to menu
-
Back to menu
Indices -
Back to menu
Research
-
Back to menu
Events -
Back to menu
Sponsored
-
Back to menu
Videos -
Back to menu
-
Back to menu
-
Back to menu
Webinars
Select Language
Exploiters are increasingly targeting WLFI holders as it gains in mindshare and popularity following its trading launch.
By Shaurya Malwa|Edited by Sheldon Reback
Updated Sep 2, 2025, 7:52 a.m. Published Sep 2, 2025, 7:42 a.m.

- Hackers exploited a loophole in Ethereum’s Pectra upgrade, draining World Liberty Financial tokens through a phishing exploit.
- The attack involved a malicious delegate contract that redirects funds to hacker-controlled addresses when victims deposit tokens.
- Users reported difficulties in rescuing their tokens, with scams and phishing links further complicating the situation.
Falling prices aren’t the only losses World Liberty Financial (WLFI) holders are facing just a day after the token went live for trading.
Hackers are apparently exploiting a loophole tied to Ethereum’s recent Pectra upgrade, draining WLFI tokens through what security firms are calling a “classic EIP-7702 phishing exploit.”
STORY CONTINUES BELOW
WLFI, the Donald Trump–linked governance token that began trading Monday with a 24.6 billion supply, anchors an ecosystem of branded cards and payment services. After rising to as high as 33.13 cents after its trading debut, the WLFI price has dropped to 24.27 cents, CoinGecko data show.
The attack vector can be traced back to EIP-7702, a feature introduced in May that enables regular wallets to function like smart contract wallets for batch transactions.
While meant to improve user experience, it has become a double-edged sword as attackers can plant a malicious delegate contract inside a compromised wallet. When the victim then deposits ETH or tokens, the contract automatically routes the funds to hacker-controlled addresses.
SlowMist founder Yu Xian flagged the issue on Monday, saying multiple WLFI wallets were drained using the method.
“As soon as you try to transfer away the remaining tokens … the gas you input will be automatically transferred away,” he warned, noting that private key leaks, often through phishing sites, are the typical entry point.
Users in WLFI forums describe attempts to rescue their allocations. One investor said they managed to move only 20% of their tokens to a new wallet, with the rest still trapped in a compromised address.
The exploit adds to a rash of scams surrounding the start of trading. Analytics firm Bubblemaps flagged “bundled clones” imitating WLFI contracts, while phishing links have circulated on Telegram and X.
More For You
By James Van Straten, AI Boost|Edited by Parikshit Mishra
44 minutes ago

Investor approval of share expansion and governance changes.
What to know:
- Shareholders approved increase in authorized shares to 2.7 billion.
- New rules enable virtual-only meetings and creation of Class A and Class B shares