Trump-Linked WLFI Token Targeted by Hackers in Ethereum Phishing Exploit
Investors in World Liberty Financial (WLFI) are facing a wave of attacks just a day after the token’s trading debut, as hackers exploit a vulnerability in Ethereum’s recent Pectra upgrade. Security experts describe the breach as a “classic EIP-7702 phishing exploit.”
WLFI, the Donald Trump–affiliated governance token, launched Monday with a total supply of 24.6 billion and supports an ecosystem of branded payment cards and services. After surging to 33.13 cents post-launch, the token has dropped to 24.27 cents, according to CoinGecko.
The attack takes advantage of EIP-7702, which allows standard wallets to function like smart contract wallets for batch transactions. While intended to improve user experience, the feature can be exploited by embedding malicious delegate contracts into compromised wallets. Deposited ETH or tokens are then automatically routed to hacker-controlled addresses.
SlowMist founder Yu Xian confirmed multiple WLFI wallets were affected. “Attempting to transfer remaining tokens will trigger automatic loss of gas fees,” he warned, noting that phishing sites are the typical entry point for attackers to access private keys.
WLFI holders are attempting to recover their funds. One user reported successfully moving only 20% of tokens to a secure wallet, with the remainder still trapped.
This exploit adds to a growing number of scams surrounding WLFI’s trading debut. Analytics firm Bubblemaps flagged “bundled clones” impersonating WLFI contracts, and phishing links are circulating widely on Telegram and X.
