Popular cryptocurrency wallet provider, Phantom Wallet, is currently facing a class-action lawsuit for allegedly being involved in a $500,000 crypto theft, according to a court DA complaint filed on April 14 in the Southern District of New York.
The plaintiffs, Liam Murphy, Mark Miranda, Gabrielle Reed, Alex Perry, Charles Sustaita, Trevor Perry, Joy Morgan, Mickey Murphy, Dr. James Morgan, Walker Post, Cassidy Hooper, Sara Jessica-Dilks, Traviis Massengale, and Jeffrey Allton, claim that Phantom Wallet’s security measures were inadequate, allowing hackers to exploit vulnerabilities and steal funds.
The court document read,
“Phantom has long known that its browser application stores decrypted private keys in volatile memory—an architecture that exposes users to malware and key theft. Hundreds of online complaints document users being “drained” through this exact exploit. Despite this, Phantom has never warned consumers of this vulnerability, never disclosed it in user agreements, and never reported related breaches to regulators—violating its obligations under both state cybersecurity regulations and federal commodities law.”
Phantom Wallet Users Lose Funds to Exploit
One of the plaintiffs, Liam Murphy, the developer behind the ‘layer two’ Solana cryptocurrency, Wiener Doge, narrated his harrowing experience. Murphy, who spearheaded the lawsuit, recounted the significant financial losses he suffered due to alleged negligence on the part of Phantom Wallet.
According to Murphy, the malicious actor stole his decrypted private key from his browser and gained unrestricted access to three of his Phantom wallets. Without needing to bypass any security measures, including two-factor authentication, the attacker swiftly drained over $500,000 in cryptocurrency from Liam’s accounts.
The attacker converted the stolen funds into Solana (SOL), using the wallet’s “Swapper” feature and then liquidating the tokens worth $500,000 for a mere $37,537.
The attack caused the value of Murphy’s coin Wiener Doge to drop from $3.10 to less than $0.01, causing him to lose a substantial portion of his assets. However, it seems Murphy was not the only victim as other users claimed hackers also exploited their wallets and drained their funds using the same method.
Therefore, based on their ordeals, the plaintiffs brought seven claims against Phantom, alleging various violations of laws and regulations, including commodities laws, cybersecurity requirements, and consumer protection statutes.
In a similar incident, a trader lost $1.2 million SPL tokens after upgrading his Phantom wallet app.
