Phantom Technologies Sued Over $500,000 Crypto Theft Due To Security Flaws

A lawsuit filed on Monday against Phantom Technologies alleges that security vulnerabilities in its crypto wallet, Phantom, resulted in the theft of over $500,000 worth of Wiener Doge (WIENER) tokens from a developer's account. The complaint, filed in the Southern District of New York, claims that a cybercriminal hacked into the developer's personal computer and exported his private key from the web browser's working memory, gaining unrestricted access to all funds in his three co-linked Phantom wallets without needing to bypass multi-factor authentication.

The lawsuit, brought by crypto law firm Murphy's Law founding partner Thomas Liam Murphy and 13 other plaintiffs, alleges that Phantom exposed users to malware and crypto theft due to fundamental design flaws. Despite marketing its security as "best-in-class," Phantom allegedly stored users' private keys in unencrypted browser memory, making them vulnerable to extraction by malware. The complaint further alleges that Phantom lacked any system for transaction velocity checks, geolocation anomalies, or withdrawal limits, comparing the Solana wallet to how Coinbase wallets operate.

The plaintiffs claim that the cybercriminal used Phantom's built-in "Swapper" feature to liquidate Wiener Doge tokens worth approximately $500,000 for only $37,537 in Solana (SOL). This mass liquidation allegedly destroyed the value of the entire Wiener Doge project, which had reached a market capitalization of $3.1 million at its peak. The suit also names OKX, a crypto exchange that partnered with Phantom in November 2024, citing OKX’s guilty plea to federal money laundering charges for facilitating $5 billion in illicit transactions. The plaintiffs argue that Phantom's failure to disclose its direct integration with OKX was deceptive.

The plaintiffs are seeking at least $3.1 million in damages, claiming that Phantom violated the Commodity Exchange Act by operating as an unregistered trading platform while evading regulatory oversight through "superficial claims of decentralization." Phantom, valued at over $3 billion and widely regarded as the go-to wallet for Solana blockchain users, hosts assets worth approximately $25 billion across 10 million active users. The company has not yet issued a public response to the allegations.

This lawsuit highlights significant concerns about the security and transparency of crypto wallets, particularly those marketed as "best-in-class." The allegations against Phantom suggest that even well-regarded platforms may have fundamental design flaws that leave users vulnerable to cyber threats. The case also raises questions about the regulatory oversight of crypto exchanges and wallets, as well as the potential risks associated with partnerships between these entities. The outcome of this lawsuit could have broader implications for the crypto industry, potentially leading to increased scrutiny and regulation of crypto wallets and exchanges.