TLDR
- Phantom Technologies faces lawsuit for alleged security flaws that led to $500,000 theft of Wiener Doge tokens
- Plaintiffs claim Phantom stored private keys in “unencrypted browser memory,” making them vulnerable to malware
- The theft and subsequent liquidation allegedly crashed Wiener Doge from $3.1 per token to under $0.01
- Lawsuit seeks $3.1 million in damages, citing violations of Commodity Exchange Act
- OKX exchange is also named in the lawsuit for enabling unauthorized transactions
A group of investors led by attorney Thomas Liam Murphy has filed a lawsuit against Phantom Technologies, alleging that security flaws in its popular Solana blockchain wallet led to the theft of over $500,000 worth of Wiener Doge (WIENER) tokens.
The lawsuit, filed on April 14 in the Southern District of New York, claims that Phantom’s wallet stored users’ private keys in “unencrypted browser memory,” making them vulnerable to theft despite the company’s claims of “best-in-class” security.
A cybercriminal allegedly “hacked into Liam’s personal computer and exported Liam’s private key to his Phantom wallets from his web browser’s working memory.” The attacker gained “unrestricted access to all of the funds in Liam’s three co-linked Phantom wallets” without needing to bypass multi-factor authentication.
The breach allowed hackers to steal and liquidate approximately $500,000 worth of Wiener Doge tokens for just $37,537 in Solana (SOL). This massive sell-off reportedly caused the value of the entire Wiener Doge project to collapse, destroying a market capitalization that had reached $3.1 million at its peak.
Security Vulnerabilities Exposed
The lawsuit alleges that Phantom knew about these security risks but failed to address them or warn users. “Phantom did not merely fail to anticipate cyberattacks—it knew exactly how users were being compromised and made a calculated decision to remain silent,” according to the filing.
Court documents state that “Phantom’s leaders knew that the browser wallet stored users’ decrypted keys in active memory. They knew that novice users were routinely targeted by malware, phishing scripts, and rogue extensions. They knew that many victims were losing funds.”
The plaintiffs claim Phantom “lacked any system for transaction velocity checks, geolocation anomalies, or withdrawal limits,” comparing the Solana wallet unfavorably to how Coinbase wallets operate.
Murphy claims he reported the theft to Phantom immediately. The company allegedly responded that it operated “a noncustodial wallet,” which meant that Murphy bore “sole responsibility” for any loss of his crypto.
OKX Connection Under Scrutiny
The lawsuit also names OKX, a cryptocurrency exchange that partnered with Phantom in November 2024. The complaint cites OKX’s guilty plea to federal money laundering charges for facilitating $5 billion in illicit transactions.
Phantom’s “failure to disclose its direct integration with OKX” was “deceptive,” the suit argues. The filing states that “OKX’s integration was the direct enabler of the unauthorized liquidation of Liam’s assets. Without OKX’s routing, pricing, and execution services, the cybercriminal would not have been able to convert Liam’s $500,000 in Wiener Doge tokens to SOL using Phantom’s app.”
The lawsuit alleges that “OKX knew that Phantom had not registered its Swapper as an SEF with the CFTC.”
Regulatory and Damages Claims
The plaintiffs accuse Phantom of violating the Commodity Exchange Act by operating as an unregistered trading platform while evading regulatory oversight through “superficial claims of decentralization.”
Phantom, valued at over $3 billion and widely regarded as the primary wallet for Solana blockchain users, hosts assets worth approximately $25 billion across 10 million active users, according to the lawsuit.
Thirteen additional plaintiffs, consisting of Murphy’s friends and family, joined the lawsuit after losing investments in Wiener Doge. The group is seeking damages of at least $3.1 million, or $3.1 per lost token.
“We are aware of the lawsuit that has been filed against Phantom, strongly deny any allegations of wrongdoing, and look forward to demonstrating why this lawsuit should be dismissed. The claims in this lawsuit are entirely without merit.”
The spokesperson added that Phantom gives users full control of their funds and cannot prevent scams from malicious links, but works with law enforcement when criminal activity is reported. They also stated that Phantom offers in-app security education and safety resources.
Neither Murphy nor OKX immediately responded to Decrypt’s request for comments regarding the lawsuit.
The case raises questions about the security practices of non-custodial wallets and the responsibility of wallet providers to implement safeguards against sophisticated attacks.
The Solana-based meme coin Wiener Doge, which once traded at $3.1 per token, plummeted to less than $0.01 following the attack and subsequent liquidation.
The lawsuit makes seven major claims against Phantom, including operating as an unregistered trading platform, negligence in cybersecurity protection, false advertising, and aiding money laundering through OKX.
