The WLFI that an investor participated in private equity was stolen by EIP-7702 phishing due to private key leakage

PANews reported on August 31 that Slow Fog Cosine disclosed on X platform that a certain investor was stolen from all private equity WLFIs due to private key leakage. He said that this is a classic EIP-7702 phishing. First of all, the private key is leaked, and the phishing gang (maybe more than one) ambushed the wallet address corresponding to the victim's private key. EIP-7702 uses the mechanism. As long as this mechanism tries to transfer the remaining tokens, such as these WLFI tokens thrown into the Lockbox contract, the gases that are inscribed will be "automatically" transferred away. The idea of ​​jumping out is feasible: enter the Gas, cancel or replace the ambushed EIP-7702 with its own, and transfer the value token. These three actions are packaged and sent in a block.