World Liberty Financial (WLFI) said it is reallocating funds and confirming user identities after several wallets were compromised ahead of its platform launch.
Reports have disclosed that the breaches came from either phishing attacks or exposed seed phrases, not from WLFI’s own platform or smart contracts, the company said.
WLFI described the problem as linked to third-party security failures and said only a “small subset” of users were hit — though it did not give exact figures on how many accounts or how much crypto was involved.
1/ Prior to WLFI’s launch, a relatively small subset of user wallets were compromised via phishing attacks or exposed seed phrases.
Since then, we’ve tested new smart contract logic to safely reallocate user funds and verified users’ identity via KYC checks.
Shortly, users who…
That firewall step appears intended to limit further loss while the company sorts ownership questions.
Their letter referenced a watchdog report from Accountable.US that linked transactions to the Lazarus Group — a North Korea-linked actor on sanctions lists — and to an Iranian crypto exchange. It remains unclear whether the wallet compromises are related to the transactions lawmakers flagged.
Security researchers have pushed back on some of the watchdog’s claims. Taylor Moynahan of MetaMask and Nick Bax of Ump.eth said the Accountable.US analysis misread certain on-chain activity.
Another day in crypto with wild allegations. Today, it’s that a North Korea-linked address invested in WLFI.
I do a some DPRK crypto research myself, so I decided to take a look at their findings.
Bax argued that the report mistakenly connected a wallet tied to an individual known as “Shryder” with DPRK-linked activity, which led to the freezing of roughly $95,000 in WLFI tokens.
WLFI has responded by emphasizing user protection and compliance. The company said it prioritized freezing vulnerable wallets and verifying rightful owners before any transfers. It also announced tests of revised smart contract logic meant to reduce the chance of similar breaches in future rollouts.
Featured image from Gemini, chart from TradingView
