TLDR
- WLFI identified and froze 272 wallets compromised by phishing attacks before the token’s official launch.
- Malicious contracts were placed in compromised accounts, enabling attackers to drain tokens once WLFI went live.
- WLFI implemented new smart contract logic to handle bulk reallocations and protect user funds.
- The company began a verification process to ensure that recovered tokens were returned to the correct recipients.
- WLFI burned 166.667 million tokens worth $22.14 million from compromised addresses during the breach.
World Liberty Financial (WLFI) has blacklisted a group of user wallets compromised prior to the official launch of its token. The company identified phishing attacks, leaked seed phrases, and other security failures as the root cause. The breaches were unrelated to WLFI’s own systems but were linked to third-party tools and malicious schemes that exposed private keys during the token’s launch on September 1.
Malicious Contracts Exploit Vulnerabilities
WLFI reported that attackers placed malicious contracts into compromised accounts, allowing them to drain tokens once the WLFI token went live. This attack occurred shortly after Ethereum’s EIP-7702 Pectra upgrade, which contributed to the breach. The company revealed that most compromises resulted from phishing attempts and exposed credentials. The affected wallets were frozen as soon as suspicious activity was reported.
According to WLFI, the company implemented additional smart contract logic to handle bulk token reallocations. This new protocol aims to safeguard against future security breaches. The company emphasized that it took swift action to verify user identities and return any recovered funds to the rightful owners.
1/ Prior to WLFI’s launch, a relatively small subset of user wallets were compromised via phishing attacks or exposed seed phrases.
Since then, we’ve tested new smart contract logic to safely reallocate user funds and verified users’ identity via KYC checks.
Shortly, users who…
— WLFI (@worldlibertyfi) November 19, 2025
WLFI froze 272 wallets that were compromised in the breach. It issued a warning to users about fake support accounts and scam recovery services circulating at the time. The company urged users to complete identity checks to ensure tokens were sent to the correct accounts. For those who have not yet contacted the company, their tokens remain frozen until they undergo the verification process.
The company stated that users can begin the verification process at any time through WLFI’s help center. Once users have completed the required checks, WLFI will initiate the reallocation of funds to affected wallets. The platform has already implemented an emergency contract function that has burned 166.667 million WLFI tokens, worth approximately $22.14 million, from compromised addresses.
Senators Call for Investigation into WLFI Activities
As WLFI’s token began trading, it experienced a significant drop of more than 15%. Despite the decline in token value, WLFI continues to assure users that it is committed to securing the community. However, the company’s activities have come under scrutiny. A report from Accountable highlighted that WLFI sold tokens to traders linked to a blockchain address sanctioned for ties to North Korea’s Lazarus hacking group.
In response, Senators Elizabeth Warren and Jack Reed, members of the Senate Banking Committee, have called for a federal investigation. They claim that WLFI’s involvement with sanctioned individuals from North Korea, Russia, and Iran poses a national security risk. The company has rejected these allegations, stating that it conducted rigorous AML/KYC checks on all pre-sale purchasers of its WLFI token.
Despite security challenges, WLFI remains committed to the integrity of its operations. The company affirmed its commitment to protecting its users through enhanced security measures. WLFI continues to emphasize that it will work with users to ensure all compromised funds are returned to their rightful owners. The company’s efforts aim to rebuild trust and continue developing its platform.
