Crypto Phishing Scammers Target Investors Interested in Trump-Backed WLFI Tokens

cammers are exploiting the hype around the Trump family-backed World Liberty Financial (WLFI) token sale by running a phishing campaign disguised as a fake airdrop to lure in investors.

On October 16, an elaborate scheme was uncovered where fraudsters targeted those eager to purchase the WLFI governance token, designed to create a unified platform for lending, borrowing, and transacting with stablecoins. A fraudulent account on X (formerly Twitter) promoted a fake WLFI airdrop, misleading users and redirecting them to a phishing site that mimicked the official WLFI website with subtle alterations that were easy to overlook.

Notably, the scam account had a golden checkmark, indicating verification, even though the real World Liberty Financial project has not yet received this status. The timing of the scam was strategic, coinciding with the official launch of the WLFI public token sale, which had already sold 749.51 million tokens as of the report. However, this sale is limited to non-U.S. persons and accredited U.S. investors, with over 100,000 accredited U.S. investors pre-approved.

The fraudulent post claimed to offer a time-sensitive 1.5x multiplier on WLFI purchases during the pre-sale, urging potential buyers to act quickly before the "offer" expired. Users were directed to a phishing site at airdrop-worldliberty[.]com, where the attack unfolded.

Upon visiting the fake site, users were prompted to connect their crypto wallets and then asked to confirm a malicious transaction that would give the scammers full control over their wallets. This technique, known as approval phishing, has become increasingly common and has resulted in billions of dollars in losses.

To manipulate users into approving the transactions, the site falsely claimed that a signature was necessary to verify wallet ownership. Interestingly, if a user attempted to connect an empty wallet, they received a notification stating it was ineligible, prompting them to either "top up" their wallet or connect one with funds. This tactic illustrates the scammers' sophistication, as they focus solely on wallets with significant assets.

At the time of writing, the scammers were actively promoting the fraudulent website in the comments of posts made by Republican presidential candidate Donald Trump, who had also promoted World Liberty Financial. The fake website was further amplified through comments on the project’s official X account.

Surge in Phishing Scams

According to blockchain security firm CertiK, phishing attacks were the leading cause of losses in Q3 2024, resulting in over $343 million in damages. Fake accounts impersonating legitimate crypto projects are one of the most common ways investors fall victim to phishing scams. Earlier this year, cybersecurity firm SlowMist reported that more than 80% of comments on posts from major crypto projects were scams, highlighting the prevalence of such tactics.

Recently, a wallet associated with the crypto venture capital firm Continue Capital lost over $35 million due to a phishing attack. In another incident, a DAI holder suffered a loss of $55 million after unwittingly signing a malicious transaction.