An investor's privately placed WLFI was completely stolen after a private key leak was exploited by an EIP-7702 phishing attack.
Jinse Finance reported that SlowMist's Cosine disclosed on the X platform that an investor lost all WLFI tokens participated in a private placement due to private key leakage. He stated that this was a classic EIP-7702 phishing exploit. First, the private key was leaked, and the phishing group (possibly more than one) set up an EIP-7702 exploit mechanism for the wallet address corresponding to the victim's private key. This mechanism would "automatically" transfer away any Gas sent in when attempting to transfer the remaining tokens, such as the WLFI tokens locked in the Lockbox contract. The frontrunning approach is feasible: send in Gas, cancel or replace the ambushed EIP-7702 with your own, and transfer away the valuable tokens. These three actions are packaged and sent in one block using flashbots.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Data: If ETH falls below $4,242, the total long liquidation volume on major CEXs will reach $2.099 billions
Trending news
MoreThe ancient BTC whale who recently made headlines for swapping BTC for ETH has once again transferred 1,000 BTC to Hyperliquid 30 minutes ago to exchange for ETH.
A certain whale spent 15 million USDC in the first round of public offering to subscribe for 1 billion WLFI. Tomorrow, 200 million WLFI worth 70 million USD will be unlocked and claimed.
Crypto prices
More
