Key Takeaways
- WLFI token holders are being targeted by a “classic EIP-7702” exploit, which leverages a malicious delegate contract to drain funds from wallets with leaked private keys.
- The attack utilizes “sweeper bots” that instantly “snatch” any new tokens or funds that a user deposits, making it impossible for victims to move their assets to a secure location.
- Security experts warn that the primary vulnerability is a leaked private key, which is most often stolen through sophisticated phishing scams.
The launch of the World Liberty Financial (WLFI) token has been hit by a security exploit that is draining the wallets of its governance token holders. According to security expert Yu Xian, hackers are using a known phishing exploit tied to Ethereum’s EIP-7702 upgrade.
Ran into another case where a player's $WLFI was stolen from multiple addresses. Looked at the theft method: once again it is a malicious 7702 delegate contract, and the precondition is again a leaked private key. The hacker plants a malicious 7702 delegate address on the target wallet address in advance, then transfers out all of the target address's ETH and valuable tokens (here, $WLFI), not leaving a single scrap. If the user sends in ETH as… https://t.co/YyVvMPwaGM
— Cos(余弦)😶🌫️ (@evilcos) September 1, 2025
This attack pre-plants a malicious contract on a compromised wallet that automatically forwards any new deposit to the attacker, an attack that is fast and difficult to counter.
How the ‘Sweeper Bot’ Exploit Works
The EIP-7702 upgrade, part of Ethereum’s recent Pectra hard fork, allows regular wallets to temporarily function as smart contract wallets, enabling features like batch transactions to improve user experience.
Very unfortunate news: a friend's $WLFI from the private sale was all stolen by a hacker this morning.
The details are as follows:
The MetaMask wallet was phished and the assets in it were emptied. After small amounts of U (USDT) and ETH were transferred into the wallet, they were automatically forwarded to the hacker's account; there are multiple sweep records 📝
Currently this wallet took part in $WLFI; transferring out or moving into the lockbox both require gas fees.
As soon as U/ETH is transferred in… pic.twitter.com/2TfacmCaOC
— 香港王富貴 (@FUGUIHK) August 31, 2025
However, hackers are turning this new feature against users. Once a user’s private key is compromised, typically through a phishing scam, the attacker pre-plants a malicious delegate contract on the wallet address and runs a “sweeper bot” against it.
Classic EIP-7702 phishing exploitation. First, your friend's private key was leaked; the phishing gang (possibly more than one) planted an EIP-7702 exploitation mechanism on the wallet address corresponding to your friend's private key. With this mechanism, as soon as you try to move the remaining tokens out, such as the $WLFI that was thrown into the Lockbox contract, any gas you send in gets “automatically” transferred away…
The front-running idea is feasible: send in gas, and the planted… https://t.co/5Qj3tQjnKX
— Cos(余弦)😶🌫️ (@evilcos) August 31, 2025
This automated script instantly detects and transfers any new deposit, leaving users unable to move their funds: anything they send in, including the ETH meant to pay the gas for a rescue transaction, is drained immediately.
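As an added defender-side example (not code from the article or from the researchers quoted here), the check below parses what an `eth_getCode` call returns for an address and flags an EIP-7702 delegation designator, which is the 23-byte code `0xef0100` followed by the 20-byte delegate address; this is what a holder or wallet should look for before sending gas to an address. All addresses and the trusted-delegate list are constructed placeholders.

```python
"""Classify an Ethereum account by its code, detecting EIP-7702 delegation.

Added example, not the article's or any quoted researcher's code.
Under EIP-7702 a delegated EOA's account code is exactly 23 bytes:
0xef0100 followed by the 20-byte delegate address. Empty code is a plain
EOA; any other bytecode is an ordinary contract.
"""
DELEGATION_PREFIX = bytes.fromhex("ef0100")


def parse_delegation(code: bytes):
    """Return the delegate address as lowercase hex if `code` is an
    EIP-7702 delegation designator, otherwise None."""
    if len(code) != 23 or code[:3] != DELEGATION_PREFIX:
        return None
    return "0x" + code[3:].hex()


def classify_account(code: bytes, trusted_delegates: set) -> str:
    """Map eth_getCode output to: 'eoa', 'contract', 'delegated:trusted'
    or 'delegated:unknown'. An unknown delegate on an address that should
    be a plain EOA is the signal to stop and not fund it with gas."""
    if not code:
        return "eoa"
    delegate = parse_delegation(code)
    if delegate is None:
        return "contract"
    return "delegated:trusted" if delegate in trusted_delegates else "delegated:unknown"


def get_code_request(address: str, request_id: int = 1) -> dict:
    """Build the JSON-RPC eth_getCode request a monitor would send
    (constructing the request only; nothing is sent here)."""
    return {"jsonrpc": "2.0", "id": request_id,
            "method": "eth_getCode", "params": [address, "latest"]}


# Constructed sample inputs: placeholder addresses, not real contracts.
SAMPLE_TRUSTED = {"0x" + "11" * 20}
SAMPLE_CODES = {
    "plain_eoa": b"",
    "trusted_delegate": DELEGATION_PREFIX + bytes.fromhex("11" * 20),
    "unknown_delegate": DELEGATION_PREFIX + bytes.fromhex("ab" * 20),
    "ordinary_contract": bytes.fromhex("6080604052"),
    # Malformed input (wrong length): never a valid designator.
    "short_designator": DELEGATION_PREFIX + bytes.fromhex("ab" * 19),
}

if __name__ == "__main__":
    for name, code in SAMPLE_CODES.items():
        print(f"{name:18s} -> {classify_account(code, SAMPLE_TRUSTED)}")
```

In practice the `trusted_delegates` set would hold the delegate addresses a wallet vendor documents; any other delegation on an address you expected to be a plain EOA means the key is likely compromised and funding it with gas only feeds the sweeper.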
The exploit has caused significant stress and frustration within the WLFI community. Some users have reported losing most of their tokens, with others expressing concern that the token’s initial presale requirements—which made the community particularly vulnerable—exacerbated the problem.
$1 million phished in a single case, involving 5 tokens. The principle is EIP-7702 exploitation: the user's EOA address was delegated to MetaMask: EIP-7702 Delegator, and the subsequent token transfers were completed by calling the relevant Uniswap Universal Router functions through that contract's execute (0xe9ae5c53).… https://t.co/BxleJZmyE4
— Cos(余弦)😶🌫️ (@evilcos) August 22, 2025
The loss of a private key is equivalent to giving away full control of a wallet. With the WLFI token now tradable, holders with compromised keys are in a race against time to either recover their assets or risk losing them to these sophisticated, automated attacks.
Final Thoughts
The EIP-7702 exploit is a stark reminder of the security risks that come with interacting with new crypto projects. While the community forums are abuzz with concerns, the fundamental takeaway is clear: the safety of digital assets rests on the security of the private key.
This incident should serve as a wake-up call for all crypto users to practice extreme caution, use hardware wallets, and be wary of any attempts to phish for their private information.
Frequently Asked Questions
What is a private key?
A private key is a secret code that grants you full access to a crypto wallet. Anyone who possesses your private key can access and control your funds.
What is a “sweeper bot”?
A “sweeper bot” is an automated script that monitors a compromised crypto wallet and instantly transfers any new incoming funds to an attacker’s address.
How can I protect my tokens from this exploit?
To protect your tokens, you should never share your private key or seed phrase. Using a hardware wallet (cold storage) is one of the most effective ways to keep your keys offline and secure.