Over the past week, the leadership of the Trump Family’s new World Liberty Financial (WLF) DeFi project has come to light. Their relative inexperience in crypto has many in the industry, including Trump advocates, concerned that the project is vulnerable to not only money-motivated hacks, but politically-motivated ones as well.
“[Trump is] bringing a big risk to his brand and personality if they don’t involve the right people,” said Marshall Hayner, the CEO of Metallicus, which hosts its own DeFi lending protocol Metal X, and a Trump supporter. “DeFi lending is one of the most difficult spaces in crypto because you have so many complex moving parts.”
Little is known so far about WLF, which was formerly named “The Defiant Ones.” However, portions of a white paper seen by Coindesk show its early iterations are built on the code base from Dough Finance, a DeFi project that suffered a $2 million hack in July. In addition, several key players are relatively inexperienced in blockchain technology, including Trump’s youngest son, 18-year-old Barron Trump, who is listed in the white paper as WLF’s “DeFi visionary,” as well as real estate developer Steve Witkoff and his son Zack Witkoff, who lead the project’s “Institutional Investment” and “Intelligence” groups, respectively. Trump’s two other sons, Donald Trump Jr. and Eric Trump, are listed as the project’s “Web3 Ambassadors,” with both appearing to have little crypto experience besides familial affiliations with Trump’s NFT projects and personal friendships with some industry advocates.
Read more: Trump Promises to ‘Embrace’ Crypto and Bitcoin in Economic Policy Speech
According to CoinDesk’s sources, the founders of Dough Finance are Chase Herro, a cryptocurrency entrepreneur linked to pricey private networking clubs, and Zachary Folkman, founder of a company called “Date Hotter Girls LLC” through which he peddled pick-up artist technique “masterclasses.” Herro is listed in the white paper as World Liberty Financial’s Data Strategies Lead, while Folkman is shown as its Head of Operations. Neither has had a particularly high profile in crypto in the past.
Aside from WLF apparently using Dough Finance’s code base, no one named as a core leader in the white paper seen by CoinDesk boasts any technical development experience, implying that the project is outsourcing its technical expertise to third parties (WFL’s press office did not respond to requests for comment for this story). A thread posted by WLF on Wednesday says the company is “working with” security firms including Zokyo, Fuzzland, and PeckShield, and noted that “our code has been thoroughly reviewed by these industry leaders.”
According to Hayner, relying on third-party experts for technical development is catnip for hackers, who often look to exploit parts of the stack that leadership is trusting third parties to build securely and responsibly. DeFi projects are typically spearheaded by developers, and even some of those projects have fallen victim to attacks when relying on third parties. For example, Mango Markets was one of several protocols that fell prey to oracle manipulation in 2022. “If you are reliant on third parties and you don’t know how to build these technologies yourself — well, I guess the saying is you’re only as strong as your weakest link,” said Hayner.
Multiple Motivations
Financial gains are typically the biggest incentive for hackers. Already, cyber criminals have drawn in more than 70,000 Telegram users to a scam channel claiming to be connected to WFL, according to The Independent. The X accounts of Trump’s daughter Tiffany and daughter-in-law Lara Trump were also hacked on Tuesday evening in order to promote a fraudulent “governance token” supposedly tied to WFL. Although the latter case represents failures in X’s security rather than the forthcoming DeFi protocol, it demonstrates the money that bad actors stand to gain.
The FBI, for its part, warned this week that North Korea in particular is targeting DeFi to steal funds, often with sophisticated social engineering campaigns. The FBI said that these attacks often utilize “affiliations, events, personal relationships and professional connections.” North Korea’s Lazarus group has stolen approximately $3 billion worth of cryptocurrency over the past seven years, according to a report from threat intelligence company Recorded Future.
A crypto project from a former and potential second-term president would also be likely to attract attacks from foreign states such as North Korea, Russia, China, Iran, or other hostile governments looking to humiliate a major American politician and/or destabilize the U.S. political system. Iran, for example, hacked Trump’s presidential campaign earlier this year, with the FBI saying that the nation state had targeted “both political parties” through social engineering campaigns. And Russia is also alleged to have tried to interfere in the 2016 and 2020 U.S. presidential elections, although with the apparent purpose of helping Trump get elected, not preventing it.
Read more: How to Invest In Crypto Depending on Whether Trump or Harris Becomes President
Trump’s specific brand of political divisiveness also adds to the attractiveness of WLF as a target. “If you do anything in the crypto space you’re susceptible to a lot of hacking, and then, if you are Trump, you have a lot of people who want to ruin and hack what [you’re] doing,” said Erik Finman, a prominent cryptocurrency investor and another Trump supporter.
Finman noted that in addition to countries like North Korea or Russia looking to sow instability, extremists in the U.S. on either side of the political spectrum might be motivated to attack a Trump crypto project. “American communists in their basement, or American alt-right people in their basement, are probably far more talented at causing chaos with their hacking abilities,” Finman said.
A Back-and-Forth on X
Multiple experts took to X to encourage WLF to hire more experienced voices in order to de-risk the project from potential hackers. In response to a tweet from World Liberty Financial claiming that “the brightest minds in crypto are backing us,” consultant Austin Campbell urged the project to “come talk to me, give me a full rundown and I will give you my honest opinion on what you are doing (good / bad / ugly, where it will work, where it will fail).”
Others were more pointed, critiquing announced leaders of the project. “The brightest minds in crypto were in fact not backing them,” posted Ethan Kravitz, general partner at AGE Crypto Funds, on X.
Hayner, for his part, says he’s somewhat relieved to see WLF post that it is not a “hostile fork” of Aave but rather “working with” the largest liquidity protocol. “You’d want someone like [Aave founder] Stani [Kulechov] there, or myself,” as experts who have built their own DeFi lending protocols from the ground-up and have endured several of crypto’s boom and bust cycles. “They should have the ability and experience to build the internal tools that they need, rather than relying on others,” Hayner noted.
World Liberty Financial appears to have heard the concerns. According to a post on Wednesday on the project’s official Telegram account that was later reposted on X, the project said “we are not taking any chances. We’re working with the top security experts in the world.” And a post on Thursday invited people who have “been in this space for a while” to contribute to the project.
