Trump’s WLFI Moves To Contain Wallet Breach While Federal Inquiry Looms


World Liberty Financial (WLFI) said it is reallocating funds and confirming user identities after several wallets were compromised ahead of its platform launch.

According to WLFI’s post on X, the company froze the affected addresses in September and has been verifying ownership before moving assets back to users who pass the checks.

Wallet Breaches And Response

The breaches came from either phishing attacks or exposed seed phrases, not from WLFI’s own platform or smart contracts, the company said.

WLFI described the problem as linked to third-party security failures and said only a “small subset” of users were hit — though it did not give exact figures on how many accounts or how much crypto was involved.

1/ Prior to WLFI’s launch, a relatively small subset of user wallets were compromised via phishing attacks or exposed seed phrases.

Since then, we’ve tested new smart contract logic to safely reallocate user funds and verified users’ identity via KYC checks.

Shortly, users who…

— WLFI (@worldlibertyfi) November 19, 2025

On-chain data cited by analyst Emmett Gallic of Arkham shows WLFI executed an emergency action that burned 166.67 million WLFI tokens, valued at $22.14 million, from a compromised address and then shifted tokens to a recovery address.

That containment step appears intended to limit further loss while the company sorts out ownership questions.

World Liberty Fi executed an emergency function burning 166.667M $WLFI ($22.14M) from compromised address, reallocating to a recovery address.

Function designed for two scenarios: An investor loses wallet access before vesting OR malicious account acquires WLFI via exploit pic.twitter.com/VSUDWhDPCR

— Emmett Gallic (@emmettgallic) November 19, 2025

Regulatory Spotlight Grows

The timing of the security disclosure has drawn extra attention. Based on reports, Senators Elizabeth Warren and Jack Reed asked the DOJ and Treasury to review alleged WLFI token sales tied to sanctioned parties.

Their letter referenced a watchdog report from Accountable.US that linked transactions to the Lazarus Group — a North Korea-linked actor on sanctions lists — and to an Iranian crypto exchange. It remains unclear whether the wallet compromises are related to the transactions lawmakers flagged.

Experts Question On-Chain Findings

Security researchers have pushed back on some of the watchdog’s claims. Taylor Monahan of MetaMask and Nick Bax of Ump.eth said the Accountable.US analysis misread certain on-chain activity.

Another day in crypto with wild allegations. Today, it’s that a North Korea-linked address invested in WLFI.

I do some DPRK crypto research myself, so I decided to take a look at their findings.

They’re bad and an innocent user is out $100k because of it🧵 pic.twitter.com/yJKEH04nup

— Nick Bax.eth (@bax1337) November 18, 2025

Bax argued that the report mistakenly connected a wallet tied to an individual known as “Shryder” with DPRK-linked activity, which led to the freezing of roughly $95,000 in WLFI tokens.

WLFI has responded by emphasizing user protection and compliance. The company said it prioritized freezing vulnerable wallets and verifying rightful owners before any transfers. It also announced tests of revised smart contract logic meant to reduce the chance of similar breaches in future rollouts.
