Crypto phishing scammers target investors chasing Trump-backed WLFI tokens

Scammers aiming to cash in on rumors about the WLFI token sale of World Liberty Financial, backed by the Trump family, deceived investors with fake airdrops that disguised the phishing campaign.

Crypto scammers carried out an elaborate campaign on October 16 targeting investors looking to obtain the governance token for the World Liberty Financial project, which aims to offer a unified platform where users can lend, borrow and trade stablecoins.

Verified account rebranded as World Liberty Financial | Source: X

An The account has been rebranded to closely mimic the real project, and minor changes have been made to the username that are easy to miss at first glance.

Ironically, the fake account bears the golden check mark that indicates an organization has been verified, while the real World Liberty Financial project has yet to receive this verification.

The timing was strategic, as 749.51 million tokens had been sold as of WLFI’s official public token sale going live the previous day. However, the ongoing sale is strictly limited to persons outside the US and accredited US investors, with more than 100,000 accredited US investors whitelisted ahead of launch.

The post claimed to be offering a limited-time 1.5x multiplier on WLFI purchases during the presale, urging potential investors to act quickly before the “offer” expires. Claiming that this was a limited-time deal, scammers redirected users to airdrop-world freedom[.]com is where the real attack takes place.

The fake website asks users to link their crypto wallets and then confirm a malicious transaction that gives the attackers full control of their wallets. This tactic, called confirmation phishing, has become very common among scammers lately and has led to billions of dollars in losses.

Fake website impersonating World Liberty Financial | Source: crypto.news

To convince unsuspecting users to confirm transactions, the website claims that the signature is required to prove ownership of the wallet.

Interestingly, when a user tries to link an empty wallet, they are greeted with a notification that it is not suitable and are asked to either “top up” the wallet or link funds to a wallet. This clever tactic shows how sophisticated the scam is and allows attackers to focus only on wallets filled with assets worth going after.

Source: crypto.news

At the time of this writing, scammers were actively promoting the fake website under posts from Republican presidential candidate Donald Trump, who used X to promote World Liberty Financial. The fake website was also published under several posts on the project’s official X account to expand the reach of the scam.

Scammers promoting phishing link under official World Liberty Financial post | Source: X Increase in phishing scams

Phishing attacks were the most damaging attack vector for Q3 2024, causing losses of more than $343 million, according to blockchain security firm CertiK.

Fake X accounts impersonating legitimate crypto projects are one of the most common ways crypto investors reach phishing platforms. Earlier this year, cybersecurity firm SlowMist warned that more than 80% of comments under posts by major crypto projects were scams, highlighting how widespread these tactics have become.

Recently, a wallet reportedly linked to crypto venture capital fund Continue Capital lost more than $35 million after falling victim to one of these phishing schemes. In late August, a DAI holder lost $55 million worth of the stablecoin after signing a malicious transaction.