🎁 Ace quick missions & earn crypto rewards while gaining real-world Web3 skills. JOIN NOW! 🔥

Hackers Drain WLFI Tokens Using Ethereum’s EIP-7702 Feature

Key Takeaways

  • ​Attackers are stealing WLFI tokens by misusing Ethereum’s EIP-7702 after obtaining private keys through phishing;
  • The exploit works by installing a delegate contract, which lets thieves move funds once a wallet receives a deposit;
  • Victims are advised to cancel the delegate contract and transfer any remaining tokens to a secure wallet quickly.

Ace quick missions & earn crypto rewards while gaining real-world Web3 skills. Participate Now! 🔥

Hackers Drain WLFI Tokens Using Ethereum’s EIP-7702 Feature

A security flaw is being used by attackers to steal WLFI tokens from Ethereum ETH $4,310.50 wallets.

According to a September 1 post on X by SlowMist’s Yu Xian, criminals are taking advantage of a new Ethereum feature, EIP-7702, to pull funds from user wallets once they have been compromised.

Ethereum’s May upgrade introduced EIP-7702, which allows regular wallets to behave like smart contract wallets for a short time.

What is Ripple? Beginner-Friendly XRP Explainer (Animated)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Xian explained that attackers first gain control of a victim’s private key. After that, they set up a delegate contract on the wallet address. This contract gives the attacker the ability to approve and process transactions.

Once the wallet receives a deposit, such as WLFI tokens, it is only a matter of seconds before the funds are withdrawn to the attacker’s own wallet.

In one example reported on August 31, an X user claimed their friend’s WLFI tokens were stolen after they sent ETH into the wallet. Xian confirmed that this looked like the "Classic EIP-7702 phishing exploit".

Xian also explained that even when users try to transfer remaining tokens from the compromised wallet, the gas fees can be rerouted to the attacker.

To reduce the damage, Xian recommended canceling or overwriting the delegate contract associated with EIP-7702. He also advised moving any remaining tokens to a secure wallet as soon as possible.

Recently, Anthropic warned that its chatbot, Claude, is being misused by bad actors to support online criminal activity. How? Read the full story.

Aaron S. Editor-In-Chief
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.

Loading...
binance
×
Verified

CLAIM $100 BONUS

Changelly Welcome Reward
Rating
5.0