Phantom Faces Lawsuit over Security Vulnerabilities in Crypto Wallet

Key Takeaways:

• Phantom’s lawsuit exposes risks in noncustodial wallet security.
• Lack of encryption and velocity checks enabled theft.
• Hidden partnerships (e.g., OKX) amplify legal and security risks.

A developer filed a lawsuit against Phantom Technologies in the Southern District of New York on April 14, claiming the company’s noncustodial wallet contained security vulnerabilities that led to substantial theft.

The lawsuit alleges unencrypted browser memory allowed attackers to extract private keys, resulting in the theft of over $500,000 in Wiener Doge tokens from three Phantom wallets.

Court documents reveal the attacker utilized Phantom’s built-in “Swapper” feature to convert the stolen tokens into $37,537 in Solana (SOL).

This conversion allegedly caused the Wiener Doge project’s market value to collapse from its peak of approximately $3.1 million.

Attorney Thomas Liam Murphy, representing the plaintiffs, argued that Phantom failed to implement basic security measures, including proper encryption of private keys and transaction velocity checks that could have limited unauthorized transfers.

Phantom has denied all allegations, stating that its noncustodial wallet design gives users full control over their funds. The company plans to seek the dismissal of the case.

The plaintiffs demanded at least $3.1 million in damages, alleging violations of the Commodity Exchange Act and claiming Phantom operated as an unregistered trading platform.

The Phantom lawsuit exposes critical risks in noncustodial wallets. In June 2023, a North Korean group stole over $100 million from Atomic Wallet by targeting private keys and software flaws—mirroring Phantom’s alleged vulnerabilities.

Prev hacks by Lazarus

Axie Infinity (Ronin Bridge) – $625M
Harmony Bridge – $100M
Atomic Wallet – $100M
Stake – $41M
Alphapo Hot Wallet – $60M+
Wazirx – 230M

(4/7) pic.twitter.com/njyTLd8wMO

Other breaches confirmed the trend. In 2022, Slope Wallet’s key management failure compromised 8,000+ accounts.

A third-party integration flaw drained $2 million from Trinity Wallet in 2020. Even audited systems have failed. Parity Wallet lost 150,000 ETH to a smart contract bug in 2017.

Users bear the risk of it all as noncustodial wallets promise control but often deliver exposure.

The Phantom case shows this by linking to OKX, a partner with prior legal troubles. Phantom integrated OKX in November 2024—after the exchange’s money laundering guilty plea.

In March 2025, EU regulators escalated their investigation into OKX’s involvement amid rising money laundering concerns following the February 21 Bybit $1.5 billion hack.

They examined whether OKX’s Web3 platform, with its integrated token swapping and a Singapore-controlled interface, should fall under MiCA regulations, questioning if its centralized features require stricter oversight.

Citing the exploit on Bybit, regulators are concerned that hackers laundered $100 million in stolen funds through OKX’s platform.

Potential penalties to OKX, including revoking MiCA permits, could force similar crypto platforms to tighten their anti-money laundering measures and compliance standards.

Under this continued EU scrutiny for alleged money laundering linked to the crypto heist, OKX has halted its DEX aggregator to implement enhanced security measures and prevent further misuse.

The lawsuit could lead to mandatory encryption standards, along with rigorous internal security audits and clear disclosure of third-party integration.

Insurers may tighten their criteria, demanding higher security standards from wallet providers. This could result in more rigorous risk assessments and potentially lead to more robust and tailored crypto insurance products that better protect users’ assets.

Exchanges are upgrading backend systems with multi-layer security architectures, incorporating hardware security modules and offline key management. Coinbase Custody exemplifies this approach by using dedicated hardware and offline solutions to safeguard assets, providing industry-leading protection against unauthorized access and potential exploits.

The post Phantom Faces Lawsuit over Security Vulnerabilities in Crypto Wallet appeared first on Cryptonews.