Investors in Trump’s Crypto Token Face Security Breach Amid Phishing Attempt

WLFI Token Holders Targeted in Ethereum Phishing Exploit

Holders of World Liberty Financial (WLFI), the Trump-linked governance token, are facing security threats just a day after its trading debut. Hackers are exploiting a loophole tied to Ethereum’s Pectra upgrade, using what experts call a “classic EIP-7702 phishing exploit.”

WLFI, which launched Monday with a 24.6 billion token supply and supports an ecosystem of branded payment cards and services, initially rose to 33.13 cents before dropping to 24.27 cents, according to CoinGecko.

The vulnerability stems from EIP-7702, which allows standard wallets to act like smart contract wallets for batch transactions. Attackers can insert malicious delegate contracts into compromised wallets, automatically redirecting ETH or token deposits to hacker-controlled addresses.

Yu Xian, founder of SlowMist, confirmed that multiple WLFI wallets were drained. He noted that even attempts to move remaining tokens can trigger automatic losses, typically initiated via phishing sites.

Investors report partial recovery of funds, with some managing to move only a fraction of their tokens to secure wallets. Meanwhile, additional scams are circulating, including cloned WLFI contracts and phishing links on Telegram and X, highlighting ongoing risks following the token’s launch.