Trump-Affiliated DeFi Platform WLFI Reveals Early Breach via Phishing Campaign

• Wallet addresses and seed phrases of some WLFI users were exposed to external vulnerabilities after attackers breached the platform via phishing.
• WLFI faces other allegations, but the firm continues to show commitment through partnership and product release.

World Liberty Financial (WLFI), a Trump-affiliated decentralized finance (DeFi) company, has disclosed a recent phishing attack. Attackers accessed some user wallets and third-party security lapses before the platform officially launched.

Details of the WLFI Phishing Campaign Breach

The WLFI team revealed in an X thread that the breach stemmed from external vulnerabilities and not flaws in its smart-contract architecture. 

This breach, caused by phishing attacks, exposed a relatively small subset of user wallets or seed phrases. Scammers tricked users into revealing wallet details, likely via fake emails or websites mimicking WLFI.

World Liberty Financial Breach Update | Source: WLFI

The WFLI team clarified that attackers gained access to user wallets through third-party security lapses. Once the team identified the problem, WLFI froze impacted wallets, verified ownership, and asked users to re-complete KYC to confirm identity. These measures were necessary to ensure funds were returned only to legitimate owners.

The team did not stop at freezing and verification. Instead, they built and tested a new smart contract system designed to handle bulk reallocations. 

This ensures the process is efficient, secure, and scalable. World Liberty Financial, however, acknowledged that the process took longer than initially expected.

The company also promised verified users that funds from compromised wallets will soon be moved to brand-new, secure wallets provided by WLFI.

According to the company, users’ wallets that have not yet submitted a support ticket will remain frozen. Frozen wallets stay that way until users verify via the WLFI help center.

Recall that WLFI formally launched in 2024, expanding its utility across top blockchains. In April, the company rolled out a USD1 stablecoin, and WLFI holders endorsed open market trading on July 17 with 99.94% support. 

WLFI Overcoming Challenges

Meanwhile, the recent breach via phishing is just the latest in a string of controversies for the firm. As we covered in our latest report, the company launched its signature WLFI token in September. 

Co-founder Donald Trump Jr. described the token as “the governance backbone of a real ecosystem changing how money moves.”

However, the company faced scrutiny of an alleged $750 million deal. According to reports, WLFI facilitated a takeover of payments firm Alt5 Sigma, raising $750 million from external investors. 

The company reportedly used the funds to purchase WLFI tokens directly from World Liberty Financial. Former regulators caution that these arrangements can obscure transparency and create potential conflicts of interest.

WLFI also faced accusations regarding its role in Binance’s $2 billion deal with an Emirati fund. Binance founder Changpeng Zhao, who had served a 4-month prison term, received a pardon from President Donald Trump shortly after.

Earlier this week, Senator Elizabeth Warren also called for an investigation into WLFI. The Senator alleged that WLFI may have sold governance tokens to wallets linked to North Korea, Russia, Iran, and Tornado Cash.

Amid these controversies, Eric Trump recently confirmed that he is developing a real estate tokenization project through WLFI, suggesting his commitment to the firm.

Furthermore, World Liberty Financial plans to restore confidence by using liquidity fees for buybacks and burns. As detailed in our last news piece, this would reduce WLFI’s supply to help support its value.