- Trending
- Comments
- Latest
World Liberty Financial has burned $22.1 million worth of tokens and frozen 272 wallets to contain damage from a phishing attack that compromised users before the platform’s official launch.
The crypto firm, backed by Donald Trump’s inner circle, completed the emergency operation on November 19 after weeks of investigation into wallets accessed through malicious links and exposed seed phrases.
WLFI stated that the Wlfi pre-launch phishing attack resulted from external phishing operations and third-party security lapses rather than internal contract vulnerabilities. According to the company, attackers accessed user wallets through exposed seed phrases and malicious links before WLFI’s launch, prompting the team to freeze 272 wallets.
In a statement, the firm reiterated that the breach was entirely external: “These issues came from third-party security lapses, not WLFI’s contracts,” WLFI said in its communication. The company added that it opted for a careful, step-by-step recovery process to avoid compounding losses linked to the Wlfi pre-launch phishing attack.
In September, WLFI halted activity in the affected wallets, initiating new Know Your Customer (KYC) checks to confirm ownership and collect updated secure wallet addresses. WLFI engineers then spent several weeks building and testing a smart contract mechanism capable of burning compromised tokens and reallocating the same value to verified users—a measure the company described as necessary to reverse the effects of the Wlfi pre-launch phishing attack.
On-chain data reviewed by analysts later confirmed that approximately 166.667 million WLFI, valued at $22.14 million, had been burned from compromised wallets. Equivalent tokens were issued to newly verified wallets after KYC approval.
On-chain researcher Emmett Gallic examined the transaction and noted that the emergency function was specifically created for cases where a user loses access to a wallet before vesting or when attackers assume control. Gallic pointed to the contract’s role in responding directly to events such as the Wlfi pre-launch phishing attack.
WLFI said users who completed verification will receive reallocated tokens, while wallets belonging to individuals who have not yet initiated the recovery workflow will remain frozen. The company urged affected users to rely solely on official customer support channels, citing the rise of fake support accounts exploiting the Wlfi pre-launch phishing attack narrative.
While WLFI maintains that the breach stemmed from third-party weaknesses, technical traces point to a combination of phishing activity and vulnerabilities connected to issues arising during Ethereum’s Pectra upgrade. Some compromised wallets contained malicious contracts linked to EIP-7702–related exploits, allowing attackers to trigger token drains.
The company said it adopted a conservative strategy to avoid reallocating funds to the wrong parties, adding that the number of users impacted by the Wlfi pre-launch phishing attack remains limited. WLFI’s engineers emphasized that the new smart contract logic was tested extensively to handle bulk reallocations—a process that took longer than expected.
This incident—the most substantial WLFI security challenge to date—comes amid heightened scrutiny of the firm’s governance and transparency model. Trump-affiliated figures have promoted WLFI as a cornerstone of a new financial ecosystem, but critics argue that security lapses such as the Wlfi pre-launch phishing attack fuel lingering concerns.
The timing of the Wlfi pre-launch phishing attack response coincides with mounting pressure from lawmakers. Earlier in the week, U.S. Senators Elizabeth Warren and Jack Reed requested investigations into allegations that WLFI governance tokens may have been sold to wallets associated with North Korea, Russia, Iran, and Tornado Cash.
WLFI has not commented directly on these allegations since issuing its security update but continues developing its USD1 stablecoin and expanding integrations. On the firm’s larger mission, co-founder Donald Trump Jr. said in September, “WLFI is the governance backbone of a real ecosystem changing how money moves.”
The company, however, now finds itself managing both technological fallout from the Wlfi pre-launch phishing attack and political scrutiny over its operational model. WLFI said its priority remains restoring affected users’ balances and reinforcing security controls as it prepares for subsequent releases.
