PANews reported on August 31st that SlowMist Yuxian disclosed on the X platform that an investor had all their WLFI invested in a private placement stolen due to a private key leak. He stated that this was a classic EIP-7702 phishing exploit. First, the private key was leaked. The phishing gang (possibly more than one) embedded an EIP-7702 exploit in the wallet address corresponding to the victim's private key. This exploit automatically transfers any remaining tokens, such as WLFI tokens thrown into the Lockbox contract, by depositing gas. This front-running strategy is feasible: depositing gas, canceling or replacing the embedded EIP-7702 with their own, and transferring the value tokens. These three actions are bundled and sent in a single block using flashbots.