World Liberty Financial (WLFI) , the DeFi venture closely tied to President Donald Trump and his family, disclosed that attackers accessed some user wallets through phishing and third-party security lapses before the platform officially launched.
Summary
- WLFI says a pre-launch breach stemmed from phishing and third-party security lapses, not flaws in its own smart contracts, and has frozen affected wallets.
- The incident comes amid heightened scrutiny of WLFI, which has faced questions about governance, transparency, and its rapid token sales.
- The company claims to be reallocating funds only after new KYC checks.
The company says the breach did not stem from any flaws in its smart-contract architecture—but rather external vulnerabilities.
WLFI stated that attackers accessed the wallets through external phishing and third-party security lapses, not through flaws in WLFI’s platform or smart contracts.
The firm formally launched in 2024. It then rolled out a USD1 stablecoin in April followed by its signature WLFI token in September.
What happened
Upon identifying the issue, WLFI froze impacted wallets, verified ownership, and began developing new on-chain logic to restore funds to users, the company said.
WLFI required all affected users to re-complete Know Your Customer checks to confirm identity before receiving a new wallet. The company stated these measures were necessary to ensure funds were returned only to legitimate owners.
Engineers built and tested a new smart contract system designed to handle bulk reallocations securely. The process took longer than initially expected, according to WLFI.
Reallocation of user funds will begin shortly for individuals who completed the required verification process, the company said. Wallets belonging to users who have not yet reached out or completed the steps will remain frozen, though those users can still begin the verification workflow through the company’s help center, according to WLFI.
This is just the latest in a string of controversies for the firm, which its co-founder Donald Trump Jr. described in September as “the governance backbone of a real ecosystem changing how money moves.”
Recall how WLFI played a role in Binance’s $2 billion deal with an Emirati fund. Afterward, Binance founder Changpeng Zhao received a pardon for his four-month prison term from President Trump.
And, just this week, Senator Elizabeth Warren called for an investigation into WLFI, alleging that it may have sold governance tokens to wallets linked to North Korea, Russia, Iran, and Tornado Cash.
Source: https://crypto.news/wlfi-breach-raises-eyebrows-trump-backed-crypto-firm/
