Security researchers have confirmed that attackers exploited a vulnerability related to Ethereum's EIP-7702 account abstraction framework to drain WLFI tokens — the governance token of World Liberty Financial, a DeFi project linked to the Trump family — from multiple user wallets. The exploit highlights the risks inherent in newly deployed smart contract standards before they have been thoroughly battle-tested by the market.
What is EIP-7702
EIP-7702 is an Ethereum Improvement Proposal designed to enable "account abstraction" — a mechanism that would allow regular Ethereum wallets to temporarily behave like smart contracts, enabling features like transaction batching and social recovery. While the proposal represents a significant usability improvement, any new smart contract standard introduces potential attack surfaces if implementations contain bugs or if developers don't fully account for edge cases.
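A wallet that has opted into EIP-7702 can be recognised from its on-chain code, which is a practical check for anyone monitoring their own addresses. The following is an added example, not code from the article or from any project it names; it goes beyond the article by relying on the delegation designator format defined in the EIP-7702 specification (`0xef0100` followed by the 20-byte delegate address), and the allowlist, addresses and `eth_getCode` results in it are constructed for illustration.

```python
# Added example (not from the article). Sample values below are constructed.
# Per the EIP-7702 specification, a delegated EOA's code is the 23-byte
# designator 0xef0100 || <20-byte delegate address>; a plain EOA has no code.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

# Hypothetical allowlist: delegate contracts the wallet owner has reviewed.
TRUSTED_DELEGATES = {"0x" + "11" * 20}


def classify_account_code(code_hex):
    """Classify the hex string returned by eth_getCode for one address."""
    if not isinstance(code_hex, str) or not code_hex.startswith("0x"):
        raise ValueError("expected a 0x-prefixed hex string")
    code = bytes.fromhex(code_hex[2:])  # ValueError on malformed hex
    if not code:
        return {"kind": "eoa", "delegate": None}
    if code.startswith(DELEGATION_PREFIX):
        if len(code) != 23:  # prefix present but wrong length
            return {"kind": "malformed-designator", "delegate": None}
        return {"kind": "delegated-eoa", "delegate": "0x" + code[3:].hex()}
    return {"kind": "contract", "delegate": None}


def review(address, code_hex, trusted=frozenset(TRUSTED_DELEGATES)):
    """Return a one-line finding for a monitored wallet address."""
    info = classify_account_code(code_hex)
    if info["kind"] == "delegated-eoa":
        if info["delegate"].lower() in trusted:
            return f"ok {address}: delegated to reviewed contract"
        return f"ALERT {address}: delegated to unreviewed {info['delegate']}"
    if info["kind"] == "malformed-designator":
        return f"ALERT {address}: unexpected 0xef0100 code, inspect manually"
    return f"ok {address}: {info['kind']}"


if __name__ == "__main__":
    wallet = "0x" + "aa" * 20  # constructed address
    samples = ["0x", "0xef0100" + "11" * 20, "0xef0100" + "22" * 20,
               "0x6080604052"]  # constructed eth_getCode results
    for s in samples:
        print(review(wallet, s))
```

In practice the `code_hex` argument would come from an `eth_getCode` JSON-RPC call against a node the operator trusts.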
The WLFI Drain
According to on-chain analysis, attackers were able to craft transactions that tricked the WLFI contract into authorising token transfers it should have rejected, effectively bypassing standard approval checks. The total amount drained has been estimated at several million dollars. The incident underscores the importance of comprehensive smart contract audits — particularly for newly deployed protocols using experimental or cutting-edge EVM features.