A developer filed a lawsuit against Phantom Technologies in the Southern District of New York on April 14, claiming the company’s noncustodial wallet contained security vulnerabilities that led to substantial theft.

Major Lawsuit Questions Phantom Wallet Security Framework

The lawsuit alleges unencrypted browser memory allowed attackers to extract private keys, resulting in the theft of over $500,000 in Wiener Doge tokens from three Phantom wallets.

Court documents reveal the attacker utilized Phantom’s built-in “Swapper” feature to convert the stolen tokens into $37,537 in Solana (SOL).

This conversion allegedly caused the Wiener Doge project’s market value to collapse from its peak of approximately $3.1 million.

Attorney Thomas Liam Murphy, representing the plaintiffs, argued that Phantom failed to implement basic security measures, including proper encryption of private keys and transaction velocity checks that could have limited unauthorized transfers.

Phantom has denied all allegations, stating that its noncustodial wallet design gives users full control over their funds. The company plans to seek the dismissal of the case.

The plaintiffs demanded at least $3.1 million in damages, alleging violations of the Commodity Exchange Act and claiming Phantom operated as an unregistered trading platform.

Pattern of Vulnerabilities in Noncustodial Wallets

The Phantom lawsuit exposes critical risks in noncustodial wallets. In June 2023, a North Korean group stole over $100 million from Atomic Wallet by targeting private keys and software flaws—mirroring Phantom's alleged vulnerabilities.

Other breaches confirmed the trend. In 2022, Slope Wallet's key management failure compromised 8,000+ accounts.

A third-party integration flaw drained $2 million from Trinity Wallet in 2020. Even audited systems have failed. Parity Wallet lost 150,000 ETH to a smart contract bug in 2017.

Users bear the risk of it all as noncustodial wallets promise control but often deliver exposure.

The Phantom case shows this by linking to OKX, a partner with prior legal troubles. Phantom integrated OKX in November 2024—after the exchange's money laundering guilty plea.

Emergency Shutdown Sparks Debate on DeFi Security and Control Measures

In March 2025, EU regulators escalated their investigation into OKX's involvement amid rising money laundering concerns following the February 21 Bybit $1.5 billion hack.

They examined whether OKX's Web3 platform, with its integrated token swapping and a Singapore-controlled interface, should fall under MiCA regulations, questioning if its centralized features require stricter oversight.

Citing the exploit on Bybit, regulators are concerned that hackers laundered $100 million in stolen funds through OKX's platform.

Potential penalties to OKX, including revoking MiCA permits, could force similar crypto platforms to tighten their anti-money laundering measures and compliance standards.

Under this continued EU scrutiny for alleged money laundering linked to the crypto heist, OKX has halted its DEX aggregator to implement enhanced security measures and prevent further misuse.

Frequently Asked Questions (FAQs)

The post Phantom Faces Lawsuit over Security Vulnerabilities in Crypto Wallet appeared first on Cryptonews.