Hackers Drain WLFI Tokens Using Ethereum’s EIP-7702 Feature

According to a September 1 post on X by SlowMist’s Yu Xian, criminals are taking advantage of a new Ethereum feature, EIP-7702, to pull funds from user wallets once they have been compromised.

Ethereum’s May upgrade introduced EIP-7702, which allows regular wallets to behave like smart contract wallets for a short time.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is Ethereum Classic & ETC Coin? (Animated Explainer)

SUBSCRIBE

ON YOUTUBE

Xian explained that attackers first gain control of a victim’s private key. After that, they set up a delegate contract on the wallet address. This contract gives the attacker the ability to approve and process transactions.

Once the wallet receives a deposit, such as WLFI tokens, it is only a matter of seconds before the funds are withdrawn to the attacker’s own wallet.

In one example reported on August 31, an X user claimed their friend’s WLFI tokens were stolen after they sent ETH into the wallet. Xian confirmed that this looked like the "Classic EIP-7702 phishing exploit".

Xian also explained that even when users try to transfer remaining tokens from the compromised wallet, the gas fees can be rerouted to the attacker.

To reduce the damage, Xian recommended canceling or overwriting the delegate contract associated with EIP-7702. He also advised moving any remaining tokens to a secure wallet as soon as possible.

Recently, Anthropic warned that its chatbot, Claude, is being misused by bad actors to support online criminal activity. How? Read the full story.