A sophisticated phishing exploit has emerged targeting holders of World Liberty Financial (WLFI), the governance token linked to Donald Trump's crypto ecosystem. Security firms have identified that attackers leveraged a loophole introduced by Ethereum's Pectra upgrade, specifically the EIP-7702 delegate mechanism, to implant malicious contracts into compromised wallets. When victims attempted to deposit ETH or WLFI tokens, the embedded delegate contract automatically redirected funds to attacker-controlled addresses, leaving users unable to recover assets.
The exploit vector revolves around the EIP-7702 feature, designed to enable batch transactions and delegate operations. While intended to streamline multi-call interactions, this delegate capability became a double-edged sword: attackers preemptively inserted their own delegate address into target wallets upon key leakage, often achieved through phishing campaigns. As soon as unsuspecting users authorized the delegate, any subsequent transfers, whether of native ETH or ERC-20 tokens like WLFI, were rerouted to the hacker's contract, bypassing standard approval checks.
Reports from WLFI community forums indicate that several investors managed to salvage only a fraction of their holdings (approximately 20% in some cases) before realizing an irreversible drain. Analytics firm Bubblemaps has also flagged "bundled clones" mimicking official WLFI contracts, further confusing users and funneling them toward fraudulent interfaces. Scam links proliferated across Telegram and X, exacerbating the attack's reach and impact.
This exploit compounds losses for WLFI holders already contending with steep price declines following the token's high-profile trading debut. The Pectra upgrade, while aiming to enhance wallet functionality, underscores the importance of rigorous audit protocols and cautious integration of new EVM features. Security experts recommend revoking all delegate permissions via wallet interfaces, migrating remaining assets to freshly generated addresses with air-gapped key storage, and awaiting community or protocol-level guidance on mitigation techniques. As the incident unfolds, the sector faces renewed scrutiny over the balance between innovation and security in smart contract standards.
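To check whether a wallet carries a delegation before revoking or migrating, note that EIP-7702 stores it as the account's code: the 3-byte prefix `0xef0100` followed by the 20-byte delegate address. The following is an added example, not code from the article or from WLFI; it classifies the hex string a node returns from `eth_getCode`, and the sample code values and the trusted-delegate set are constructed for illustration.

```python
# Added example: classify eth_getCode output for EIP-7702 delegations.
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation indicator
INDICATOR_LEN = 23                           # 3-byte prefix + 20-byte address


def _to_bytes(code_hex):
    """Decode an eth_getCode hex string ("0x" means no code)."""
    h = code_hex.strip().lower()
    return bytes.fromhex(h[2:] if h.startswith("0x") else h)


def parse_delegation(code_hex):
    """Return the delegate address if the code is a 7702 indicator, else None."""
    raw = _to_bytes(code_hex)
    if len(raw) == INDICATOR_LEN and raw.startswith(DELEGATION_PREFIX):
        return "0x" + raw[3:].hex()
    return None


def classify(code_hex, trusted=frozenset()):
    """Return (status, delegate) for one account's code."""
    if not _to_bytes(code_hex):
        return ("plain-eoa", None)            # no code, no delegation set
    delegate = parse_delegation(code_hex)
    if delegate is None:
        return ("contract", None)             # ordinary deployed bytecode
    if delegate in {t.lower() for t in trusted}:
        return ("delegated-trusted", delegate)
    return ("delegated-unknown", delegate)    # review, revoke, migrate funds


def audit(accounts, trusted=frozenset()):
    """Map each account label to its classification."""
    return {name: classify(code, trusted) for name, code in accounts.items()}


# Constructed sample data (not real addresses or on-chain values).
TRUSTED = frozenset({"0x" + "11" * 20})
SAMPLE = {
    "wallet-a": "0x",                          # untouched EOA
    "wallet-b": "0xef0100" + "11" * 20,        # delegate the owner recognises
    "wallet-c": "0xEF0100" + "de" * 20,        # delegate the owner never set
    "token":    "0x6080604052",                # truncated contract bytecode
}

if __name__ == "__main__":
    for name, result in audit(SAMPLE, TRUSTED).items():
        print(name, *result)
```

A `delegated-unknown` result is the state the recommendations above address: the delegation should be revoked and remaining assets moved to a freshly generated address.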