Users accuse Phantom of failing to protect private keys

A new lawsuit filed in the Southern District of New York alleges that a design flaw in Phantom’s crypto wallet exposed users to malware and led to the theft of over $500,000 in Wiener Doge (WIENER) meme coins. The suit, led by crypto lawyer Thomas Liam Murphy and 13 plaintiffs, claims Phantom stored private keys in unencrypted browser memory, leaving them vulnerable to cyberattacks.

The attacker allegedly accessed three linked Phantom wallets through browser memory and drained the tokens without triggering any multi-factor authentication or protective controls. Phantom is accused of lacking basic safeguards such as velocity checks and geolocation filters.

Plaintiffs say project was destroyed

According to the suit, the hacker used Phantom’s built-in swap feature to liquidate WIENER tokens worth $500,000 for just $37,537 in Solana, collapsing the project’s market value and destroying its $3.1 million market cap. The plaintiffs are seeking damages equal to the lost market value, arguing Phantom’s negligence led to the token’s collapse.

Phantom, which is used by over 10 million wallets and holds around $25 billion in assets, denied wrongdoing. “We strongly deny any allegations of wrongdoing,” a company spokesperson told Decrypt. “The claims in this lawsuit are entirely without merit.”

OKX also named in the lawsuit

The lawsuit also names OKX, Phantom’s partner since November 2024, citing the exchange’s past guilty plea in a federal money laundering case. The plaintiffs argue Phantom’s failure to disclose this partnership was misleading and contributed to the loss.

The suit further alleges Phantom violated the Commodity Exchange Act by operating as an unregistered trading platform while evading oversight under the guise of decentralization.

Read the full article on Decrypt.