Scammers, aiming to cash in on the buzz surrounding the Trump family-backed World Liberty Financial’s WLFI token sale, lured investors with fake airdrops that concealed a phishing campaign.
On Oct. 16, crypto scammers ran an elaborate campaign targeting investors who were eager to get their hands on the governance token for the World Liberty Financial project, which aims to offer a unified platform where users can lend, borrow, and transact with stablecoins.
An X account controlled by scammers was seen promoting a fake WLFI airdrop to mislead users and redirect them to a phishing site that looked like a poorly made replica of the official WLF website. The account had been rebranded to closely mimic the real project, with subtle changes to the username that are easy to miss at first glance.
Ironically, the fraudulent account donned the golden checkmark, which signifies that an organization is verified, while the actual World Liberty Financial project has yet to receive this verification.
The timing was strategic, as the official public token sale for WLFI had just gone live the previous day with 749.51M tokens sold as of press time. The ongoing sale, however, is strictly limited to non-U.S. persons and accredited U.S. investors, with over 100,000 accredited U.S. investors whitelisted ahead of the launch.
The post claimed to offer a limited-time 1.5x multiplier on WLFI purchases during the pre-sale, urging potential investors to act quickly before the “offer” expired. Under the pretense that this was a limited-time deal, scammers directed users to airdrop-worldliberty[.]com, where the actual attack unfolds.
When on the fake website, users are prompted to connect their crypto wallets, after which they are asked to confirm a malicious transaction that grants the attackers full control of their wallets. Dubbed approval phishing, this tactic has become quite common among scammers in recent times and has led to billions of dollars in losses.
To convince unsuspecting users to approve the transactions, the website claims the signature is required to prove ownership of the wallet.
Interestingly, if a user tries to connect an empty wallet, they’re hit with a notification saying it’s not eligible and are prompted to either “top up” the wallet or connect one with funds. This clever tactic shows just how intricate the scam is, ensuring the attackers focus only on wallets loaded with assets worth going after.
At the time of writing, the scammers were actively promoting the fraudulent website under posts from Republican presidential candidate Donald Trump, who had taken to X to promote World Liberty Financial. The fake website was also being pushed under several posts from the project’s official X account, to amplify the reach of the scam.
A surge in phishing scams
According to blockchain security firm CertiK, phishing attacks were the most damaging attack vector for Q3 2024, leading to losses upwards of $343 million.
Fake X accounts impersonating legitimate crypto projects are one of the most common ways that crypto investors end up on phishing platforms. Earlier this year, cybersecurity firm SlowMist warned that more than 80% of the comments under posts from major crypto projects were scams, highlighting just how widespread these tactics have become.
Just recently, a wallet reportedly linked to crypto venture capital fund Continue Capital lost over $35 million after falling victim to one of these phishing schemes. While in late August, a DAI holder lost $55 million worth of the stablecoin after signing a malicious transaction.