Security experts are raising alarms as scammers take advantage of the buzz around the launch of WLFI, a cryptocurrency associated with U.S. President Donald Trump.
Summary
- Large-scale phishing attacks are targeting WLFI holders, exploiting the token’s launch hype.
- Scammers are using Ethereum’s new wallet features, which allow wallets to act like smart contracts.
- The EIP-7702 upgrade enables users to sign multiple complex transactions simultaneously, a functionality exploited by attackers.
WLFI’s Popularity Sparks Scams
The World Liberty Financial (WLFI) token debuted on September 1 and quickly gained massive attention, with trading volumes comparable to major crypto projects. However, the excitement also drew cybercriminals who aimed to exploit WLFI holders.
Yu Xian, founder of blockchain security firm SlowMist, noted that phishing attacks began almost immediately after launch. Attackers are exploiting Ethereum’s EIP-7702 upgrade, which allows external accounts to operate like smart contract wallets. While this functionality adds convenience, it also creates vulnerabilities if a private key is compromised.
How WLFI Holders Are Targeted
The EIP-7702 “delegate” scam starts with attackers obtaining a user’s private key through phishing. They then insert a malicious delegate smart contract into the victim’s wallet. When the victim conducts any transaction, the contract automatically executes, draining their WLFI tokens.
This approach allows attackers to operate at scale. Unlike traditional phishing, which requires constant wallet monitoring, delegate contracts can automatically execute transactions, such as claiming WLFI tokens from airdrops.
Scammers are also using other tactics to deceive WLFI holders. In one reported case, attackers airdropped fake WLFI tokens into a user’s wallet. When the victim attempted to trade, they accidentally purchased counterfeit tokens on Phantom Swap, resulting in a loss of $4,876.
Key Takeaways
The launch of WLFI demonstrates both the excitement and risks present in the crypto space. WLFI holders must stay alert, secure their wallets, and avoid clicking on suspicious links to protect their assets from phishing attacks and fraudulent schemes.
