80% of top WLFI holders cash out within hours as phishing threats loom
Around 80% of the top 10 largest holders of World Liberty Financial’s WLFI token took profits within a day of the asset’s launch.
On Sept. 2, pseudonymous blockchain analyst Aixpta reported that eight of the top ten WLFI holders had either partially or fully sold their positions. According to the analysis, only the second and fifth largest wallets have yet to move their tokens.
For context, blockchain researcher Ember CN had stated that WLFI’s active largest holder, moonmanifest.eth, unlocked 200 million WLFI, worth nearly $59.5 million, before selling 10 million tokens for $2.1 million at $0.21 apiece just five hours later.
Meanwhile, other top holders acted more decisively during the reporting period.
The sixth-largest wallet, tied to convexcuck.eth, sold $3.8 million worth of tokens through Whales Market to 36 separate buyers.
Additionally, several additional wallets ranked among the top ten sent their holdings directly to centralized exchanges minutes after WLFI began trading on Sept. 1.
These rapid sell-offs suggest that early investors moved quickly to secure profits, even as the project faced mounting volatility during its first trading day.
Phishing threats emerge
While early selling has weighed on WLFI’s market momentum, blockchain security specialists are warning of a rising phishing threat targeting the token holders.
Over the past days, Yu Xian, founder of SlowMist, has repeatedly warned of phishing attacks that exploit Ethereum’s new EIP-7702 standard and are targeted at WLFI token claimers.
Xian cited the example of one WLFI wallet that was drained across multiple addresses after attackers deployed a malicious contract tied to Ethereum’s 7702 delegate function.
According to the Slowmist founder, once a private key is compromised, the exploit allows the hacker to pre-plant a delegate address that siphons away all assets, including ETH meant for gas fees, leaving the victim with nothing.
Meanwhile, Xian noted that holders can still defend against the exploit by front-running it. This involves paying gas to override the malicious delegate contract, replacing it with a safe one, and moving tokens in the same block through flashbots.
