An investor's privately placed WLFI was completely stolen after a private key leak was exploited by an EIP-7702 phishing attack.
Jinse Finance reported that SlowMist's Cosine disclosed on the X platform that an investor lost all WLFI tokens participated in a private placement due to private key leakage. He stated that this was a classic EIP-7702 phishing exploit. First, the private key was leaked, and the phishing group (possibly more than one) set up an EIP-7702 exploit mechanism for the wallet address corresponding to the victim's private key. This mechanism would "automatically" transfer away any Gas sent in when attempting to transfer the remaining tokens, such as the WLFI tokens locked in the Lockbox contract. The frontrunning approach is feasible: send in Gas, cancel or replace the ambushed EIP-7702 with your own, and transfer away the valuable tokens. These three actions are packaged and sent in one block using flashbots.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Data: If ETH falls below $4,242, the total long liquidation volume on major CEXs will reach $2.099 billions
Data: A certain Bitcoin OG whale sold 4,000 BTC and bought over 96,800 ETH in the past 12 hours
Trending news
MoreCrypto prices
More
