According to Odaily Planet Daily, SlowMist security researcher Yu Xian disclosed on the X platform that an investor's private key was compromised, resulting in the theft of all WLFI they received in a private sale. This attack is a typical EIP-7702 phishing exploit: the attacker pre-installed a malicious mechanism in the victim's wallet address. If an attempt was made to transfer remaining tokens (such as WLFI deposited in a lockbox), the gas paid would be automatically transferred. The attacker then used a front-running operation to inject gas, replace the malicious contract, and transfer the tokens within the same block, thereby achieving the theft.