WLFI blocks hacking attempts with onchain blacklisting

Trump-linked decentralized finance (DeFi) project World Liberty Financial (WLFI) said it blocked hacking attempts targeting its token launch by blacklisting compromised wallets onchain. 

On Wednesday, WLFI said that a designated wallet executed “mass blacklisting” transactions to disable accounts identified as compromised before it launched. The team said the hacking attempts stemmed from end-user compromises like private key losses and stressed that the incidents were not an exploit of the WLFI project itself. 

WLFI said the project’s blacklisting efforts prevented attempts to hack its “Lockbox,” a vesting mechanism that safeguards locked token allocations for its users. “This allowed us to block the theft attempts from the Lockbox,” WLFI wrote, linking to two Etherscan transactions showing the blacklist in action. 

The team added that they are working with compromised users so that they can regain access to their accounts. 

Source: World Liberty Financial 

Bad actors continue to target WLFI users

On Monday, World Liberty Financial unlocked 24.6 billion WLFI tokens as it opened trading for the first time. Since then, hackers and scammers have attempted to profit from the event, targeting users and the project. 

Analytics firm Bubblemaps identified “bundled clones,” which are look-alike smart contracts that imitate the project. This aims to trick unsuspecting users into engaging with fake contracts instead of legitimate ones and steal their crypto. 

Yu Xian, the founder of security company SlowMist, reported that some WLFI holders are being drained of their tokens through a known exploit using the Ethereum Improvement Proposal (EIP)-7702 upgrade. 

Xian said WLFI holders are being drained using a “classic EIP-7702 phishing exploit.” He explained that bad actors plant hacker-controlled addresses in victim wallets, allowing them to snatch the tokens when a deposit is made. 

Related: Trump-backed WLFI to unlock 24.6B tokens at launch

EIP-7702 upgrade opens offchain attack vector

In May, Ethereum's Pectra upgrade introduced EIP-7702, which allowed externally owned accounts to temporarily act like smart contract wallets. This enabled the delegation of execution rights and allowed batch transactions, with the goal of streamlining user experience. 

However, while the upgrade’s goal was to enhance user experience, security experts identified a new attack vector that could allow hackers to drain funds using only an offchain signature. 

Solidity smart contract auditor Arda Usman previously told Cointelegraph that it’s possible for attackers to drain user funds with only an offchain signed message with no direct onchain transaction being signed.

Magazine: Bitcoin to see ‘one more big thrust’ to $150K, ETH pressure builds: Trade Secrets