Share this article
Holders of Trump’s Crypto Token Targeted by Hackers in Phishing Exploit
Exploiters are increasingly targeting WLFI holders as it gains in mindshare and popularity following its trading launch.
Updated Sep 2, 2025, 7:52 a.m. Published Sep 2, 2025, 7:42 a.m.
What to know:
- Hackers exploited a loophole in Ethereum's Pectra upgrade, draining World Liberty Financial tokens through a phishing exploit.
- The attack involved a malicious delegate contract that redirects funds to hacker-controlled addresses when victims deposit tokens.
- Users reported difficulties in rescuing their tokens, with scams and phishing links further complicating the situation.
Falling prices aren’t the only losses holders are facing just a day after the token went live for trading.
Hackers are apparently exploiting a loophole tied to Ethereum’s recent Pectra upgrade, draining WLFI tokens through what security firms are calling a “classic EIP-7702 phishing exploit.”
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
WLFI, the Donald Trump–linked governance token that began trading Monday with a 24.6 billion supply, anchors an ecosystem of branded cards and payment services. After rising to as high as 33.13 cents after its trading debut, the WLFI price has dropped to 24.27 cents, CoinGecko data show.
The attack vector can be traced back to EIP-7702, a feature introduced in May that enables regular wallets to function like smart contract wallets for batch transactions.
While meant to improve user experience, it has become a double-edged sword as attackers can plant a malicious delegate contract inside a compromised wallet. When the victim then deposits ETH or tokens, the contract automatically routes the funds to hacker-controlled addresses.
SlowMist founder Yu Xian flagged the issue on Monday, saying multiple WLFI wallets were drained using the method.
“As soon as you try to transfer away the remaining tokens … the gas you input will be automatically transferred away,” he warned, noting that private key leaks, often through phishing sites, are the typical entry point.
Loading...
Users in WLFI forums describe attempts to rescue their allocations. One investor said they managed to move only 20% of their tokens to a new wallet, with the rest still trapped in a compromised address.
The exploit adds to a rash of scams surrounding the start of trading. Analytics firm Bubblemaps flagged “bundled clones” imitating WLFI contracts, while phishing links have circulated on Telegram and X.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
KindlyMD Turns to Kraken as Fourth Provider for Bitcoin-Backed $210M Loan at 8%
An SEC filing shows the Kraken facility will be used to retire an outstanding Antalpha loan and requires significant bitcoin collateral.
What to know:
- KindlyMD turned to Kraken for a $210 million loan “bearing a fee of 8% per annum” with maturity on Dec. 4, 2026.
- The company said it will use the proceeds to satisfy its obligations to Antalpha Digital in full.
- Kraken becomes the company’s fourth financing source this year following earlier arrangements with Yorkville Advisors, Two Prime and Antalpha.
Top Stories
