WLFI Blocks Hacking Attempts, Warns of EIP-7702 Exploitation in Phishing Attacks

WLFI, a decentralized finance project linked to Donald Trump, thwarted hacking attempts during its token launch by blacklisting compromised wallets. Scammers created fake WLFI smart contracts to mislead investors. Security experts warn that Ethereum's EIP-7702 upgrade is being exploited in phishing attacks. The WLFI team urges holders to remain cautious of phishing attempts and secure their private keys.

World Liberty Financial (WLFI), a decentralized finance (DeFi) project linked to Donald Trump, has implemented proactive measures to safeguard its token launch against potential hacking attempts and scams. According to a recent post on X by the WLFI team, the project blacklisted compromised wallet addresses ahead of the token launch to prevent hacks caused by leaked private keys [1]. This preemptive step was handled by a designated wallet, which executed several blacklist transactions on September 3.

The blacklist was particularly focused on WLFI’s "Lockbox" tool, which holds users’ locked token allocations. This tool was targeted to prevent the theft of these locked tokens. The WLFI team shared two transaction links from Etherscan as evidence of the blacklist in use. Additionally, the project is working with individuals whose accounts were affected to help them restore access.

The token officially launched on September 1, unlocking 24.6 billion tokens and opening them up for trading. However, the high visibility of the event drew attention from scammers. Fake smart contracts mimicking the real project were created to mislead users into transferring funds to fake addresses. These clones, known as "bundled clones" by analytics firm Bubblemaps, aim to trick people into transferring funds to the wrong addresses [2].

Security experts have warned that the Ethereum Improvement Proposal (EIP)-7702, introduced in May 2025, is being exploited in phishing attacks. The proposal aimed to enhance account abstraction by allowing Externally Owned Accounts (EOAs) to temporarily delegate execution rights to smart contracts. However, this delegation mechanism has inadvertently created a critical security flaw, enabling attackers to exploit the DELEGATECALL function and execute code in the victim’s wallet context [3]. Over 97% of observed EIP-7702 delegations have been linked to these sweeper contracts, with victims losing up to 80% of their holdings in seconds [4].

WLFI has become a prime target for these EIP-7702-related attacks, with one user losing $1.54 million in a single incident. The project’s high-profile backing and significant investment from Alt5 Sigma, a Nasdaq-listed fintech firm, have amplified speculative demand and made it a prime target for exploitation [5]. The Trump family received 75% of the proceeds from Alt5 Sigma’s $1.5 billion investment, further complicating the project’s governance structure [6].

The intersection of speculative demand and security risks raises critical questions about WLFI’s viability. While Alt5 Sigma’s investment signals institutional confidence, the EIP-7702 vulnerabilities highlight a broader challenge: balancing usability with security in a rapidly evolving ecosystem. For WLFI and similar projects, the path forward requires not only technical fixes but also transparent governance and robust user education to rebuild trust.

References:
[1] https://www.bitdegree.org/crypto/news/wlfi-locks-out-hackers-with-blacklist-ahead-of-token-launch
[2] https://www.ainvest.com/news/eip-7702-exploits-wlfi-viability-alt5-sigma-1-5b-bet-navigating-security-risks-speculative-demand-politically-driven-crypto-projects-2509/
[3] https://www.ainvest.com/news/eip-7702-growing-risks-ethereum-based-tokens-2509/
[4] https://medium.com/@m13_digital/eip-7702-innovation-or-open-door-for-sophisticated-scams-74488e20234e
[5] https://finance.yahoo.com/news/trump-crypto-project-wlfi-under-081337737.html
[6] https://www.ainvest.com/news/trump-backed-wlfi-token-unlock-implications-40b-crypto-power-play-2508/