Key Takeaways
- The World Liberty Financial (WLFI) project has used on-chain blacklisting to prevent hackers from draining funds from compromised user wallets.
- The blacklisting was initiated by the project’s core team and targeted accounts identified as compromised, preventing a large-scale theft from the project’s “Lockbox” vesting mechanism.
- The team has stressed that the incidents are due to user-side vulnerabilities, such as leaked private keys, and not a flaw in the WLFI protocol itself.
In a proactive measure to protect its users, the Trump-linked decentralized finance (DeFi) project World Liberty Financial (WLFI) announced that it had successfully blocked a series of hacking attempts.
According to the team, they used an “on-chain blacklisting” mechanism to disable compromised wallets, thwarting theft attempts related to the project’s recent token launch.
Blacklisting vs. Exploiting a Protocol
On-chain blacklisting is a centralized action where the issuer or a designated authority of a crypto asset can add a wallet address to a list that prevents it from interacting with the smart contract, effectively freezing the assets.
In this case, the WLFI team used this capability to disable compromised wallets, preventing hackers from draining tokens from the Lockbox, a vesting mechanism that holds locked tokens for users.
The team emphasized that these incidents were not a protocol exploit, which would mean the project’s smart contracts themselves were flawed. Instead, the attacks were a result of end-user compromises, such as leaked private keys, which are most often stolen through phishing scams.
By blacklisting the compromised wallets, the WLFI team was able to provide a centralized solution to a decentralized problem, preventing the bad actors from executing the “classic EIP-7702 phishing exploit” that has been affecting some tokenholders.
This exploit, as reported by security experts like SlowMist’s Yu Xian, involves an attacker planting a malicious contract in a victim’s wallet that allows them to “snatch” tokens the moment a new deposit is made.
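A defender-side check for the delegation described above, as an added example that is not part of the original article or WLFI's code. Under EIP-7702 a delegated account's code is the 23-byte designator `0xef0100` followed by the delegate contract's address, so the value returned by `eth_getCode` shows whether a wallet has been pointed at contract code. The account addresses, code values and trusted-delegate list below are constructed for illustration.

```python
"""Classify accounts from eth_getCode results to spot EIP-7702 delegations."""
from __future__ import annotations

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator prefix
DESIGNATOR_LEN = 23                          # 3-byte prefix + 20-byte delegate address


def classify_code(code_hex: str) -> tuple[str, str | None]:
    """Return (kind, delegate) for a hex string as returned by eth_getCode."""
    body = code_hex[2:] if code_hex.lower().startswith("0x") else code_hex
    raw = bytes.fromhex(body)
    if not raw:
        return "eoa", None  # plain wallet, no code and no delegation
    if len(raw) == DESIGNATOR_LEN and raw.startswith(DELEGATION_PREFIX):
        return "delegated_eoa", "0x" + raw[3:].hex()
    return "contract", None  # ordinary deployed contract


def audit(accounts: dict[str, str], trusted: set[str]) -> list[tuple[str, str]]:
    """List (account, delegate) pairs whose delegate is not in the trusted set."""
    findings = []
    for account, code_hex in accounts.items():
        kind, delegate = classify_code(code_hex)
        if kind == "delegated_eoa" and delegate not in trusted:
            findings.append((account, delegate))
    return findings


# Constructed sample data: every address and code value here is made up.
TRUSTED_DELEGATES = {"0x" + "11" * 20}            # hypothetical vetted wallet module
SAMPLE_ACCOUNTS = {
    "0x" + "aa" * 20: "0x",                       # ordinary wallet
    "0x" + "bb" * 20: "0xef0100" + "11" * 20,     # delegated to the trusted module
    "0x" + "cc" * 20: "0xef0100" + "de" * 20,     # delegated to unknown code
    "0x" + "dd" * 20: "0x6080604052",             # regular contract bytecode prefix
}

if __name__ == "__main__":
    for account, delegate in audit(SAMPLE_ACCOUNTS, TRUSTED_DELEGATES):
        print(f"{account} delegates to untrusted code at {delegate}")
```

An unexpected delegation found this way does not remove the underlying risk on its own: if the private key has leaked, as the article describes, the key itself has to be treated as compromised.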
A Centralized Solution to a Decentralized Problem
While blacklisting is uncommon among DeFi projects and sits uneasily with their decentralized ethos, it can be a necessary tool for damage control, particularly when a large number of users have had their private keys compromised.
The WLFI team stated they are now working with the affected users to help them regain access to their accounts.
Final Thoughts
WLFI’s use of on-chain blacklisting to stop hackers is a significant and somewhat controversial move in the DeFi space. While it provided immediate protection to tokenholders, it underscores the inherent tension between centralization and user protection.
Frequently Asked Questions
What is “on-chain blacklisting”?
“On-chain blacklisting” is a process where a token issuer or project team adds a wallet address to a list that prevents it from interacting with a smart contract, effectively freezing the assets in that wallet.
What is the difference between a “protocol exploit” and a “user-side compromise”?
A “protocol exploit” is a hack that targets a flaw in a project’s core code, while a “user-side compromise” occurs when a hacker gains access to a user’s personal wallet, often through a leaked private key.
What is the EIP-7702 exploit?
The EIP-7702 exploit is a phishing scam where a hacker, after obtaining a user’s private key, plants a malicious contract in the wallet to automatically drain any new funds or tokens that are deposited.