WLFI, which an investor participated in private placement, was stolen by EIP-7702 phishing due to private key leakage
2025-08-31 12:25:58
SlowMist Cosine disclosed on the X platform that an investor had stolen all the WLFI participating in the private placement due to the leakage of the private key. He said that this is a classic EIP-7702 phishing exploit. First, the private key is leaked, and the phishing gang (possibly more than one) has ambushed the wallet address corresponding to the victim's private key. The EIP-7702 exploit mechanism, as long as this mechanism tries to transfer the remaining tokens, such as these WLFI tokens thrown into the Lockbox contract, the gas will be "automatically" transferred. The idea of preempting is feasible: enter the gas, cancel or replace the ambushed EIP-7702 with your own, and transfer the value tokens. These three actions are packaged and sent in a block with flashbots.
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.