Trump’s Crypto Project WLFI Under Attack as Ethereum Upgrade Backfires – What Went Wrong?

Hackers are systematically exploiting Ethereum’s EIP-7702 upgrade to steal World Liberty Financial tokens from Donald Trump’s crypto project , according to SlowMist security ￰2￱ attacks leverage a vulnerability in the May Pectra upgrade that allows externally owned accounts to delegate control to smart contracts, enabling attackers to plant malicious code that instantly drains all incoming ETH and ￰3￱ Liberty Financial Becomes Latest Victim of Ethereum Exploit According to SlowMist, multiple WLFI token holders have lost their assets after hackers combined private key theft with malicious delegate contract ￰4￱ exploit technique has matured rapidly since Ethereum’s Pectra upgrade launched May 7, with over 97% of EIP-7702 delegations linked to identical wallet-draining contracts designed to automatically sweep ￰5￱ firm SlowMist warned that victims whose private keys are compromised face complete asset loss through pre-planted malicious delegates. 又遇到一位玩家多个地址的 $WLFI 都被盗事件，看了下盗窃手法，又是 7702 delegate 恶意合约利用，前提也是私钥泄露，黑客在目标钱包地址上提前埋伏好恶意的 7702 delegate 地址，之后将目标地址所有 ETH 及价值 token（比如这里是 $WLFI）转走，一点渣渣都不剩，如果用户转入 ETH 当… ￰0￱ — Cos(余弦) (@evilcos) September 1, 2025 When users transfer ETH for gas or receive tokens like WLFI, the malicious contracts immediately redirect all funds to attacker-controlled addresses, leaving wallets permanently ￰6￱ vulnerability stems from EIP-7702’s design, which allows EOAs to borrow execution logic from designated smart contracts temporarily.) May 24, 2025 The phishing group netted over $9 million across chains in 2025 by convincing users to authorize attacker-controlled delegate ￰7￱ in June, Wintermute’s research revealed that automated sweeper contracts account for the vast majority of EIP-7702 delegations, creating a systematic threat to Ethereum ￰8￱ market maker developed CrimeEnjoyor, a tool that injects warnings into verified malicious contracts stating they are “used by bad guys to automatically sweep all incoming ETH.” Multiple Attack Vectors Emerge From Flawed Upgrade Implementation Beyond World Liberty Financial token theft, EIP-7702 exploitation has enabled diverse attack methods targeting different vulnerability ￰9￱ campaigns impersonate trusted DeFi platforms to trick users into signing dangerous batch transactions and delegate approvals, leading to immediate fund drainage upon authorization.

Particularly, off-chain signature attacks pose another significant threat with this vulnerability, as it enables hackers to remotely install malicious code in wallets using signed messages rather than on-chain ￰10￱ method bypasses traditional security measures and operates stealthily, requiring only a compromised signature to grant total wallet control. Similarly, flash loan and reentrancy exploits leverage EIP-7702 features to bypass on-chain security logic, enabling price manipulation attacks against DeFi ￰11￱ contract attacks caused losses approaching one million dollars in established DeFi projects through compromised delegated ￰12￱ technical root cause lies in EIP-7702’s delegation mechanism combined with DELEGATECALL operations that execute in the victim’s wallet ￰13￱ private keys are compromised through phishing or other means, attackers can set malicious delegate contracts that automatically steal any incoming ￰14￱ market maker @wintermute_t has developed a tool that injects on-chain warnings into malicious wallet-draining contracts to alert users. #Ethereum #ETH ￰1￱ — ￰15￱ (@cryptonews) June 2, 2025 Security experts recommend avoiding suspicious delegation requests, verifying all transaction permissions, and canceling compromised delegate contracts when possible.

However, the fundamental design that allows EOAs to delegate execution creates an attack surface that criminals continue to exploit as the technique matures. Notably, the upgrade increased validator staking limits from 32 ETH to 2,048 ETH while introducing auto-compounding features designed to attract conservative institutional ￰16￱ the upgrade aimed to improve user experience and reduce costs, the security trade-offs have overshadowed these benefits as users face wallet-draining ￰17￱ security vulnerabilities have created new attack vectors that criminals rapidly weaponized.