- Phantom sued for $3.1M after $500K in memecoins stolen via browser vulnerability.
- The lawsuit claimed a hacker drained wallets by accessing decrypted keys from browser memory.
- Solana-based memecoin launchpad, Pump. Fun also faced a similar lawsuit for investor losses.
Phantom, a well-known cryptocurrency wallet that supports Solana, Ethereum, Bitcoin, and other blockchains, is facing a $3.1 million lawsuit due to a browser vulnerability that enabled hackers to steal $500,000 worth of various meme coins from users. Following the hack, users contended that the firm failed to implement adequate protective measures.
According to the complaint, a cybercriminal hacked into plaintiff Liam’s account and stole his decrypted private key from the browser’s working memory, gaining unrestricted access to over $500,000 in cryptocurrency stored within three of Liam’s Phantom wallets. The complaint also stated that the attacker was able to drain all wallet assets without needing to bypass multi-factor authentication or any security measures. The complaint was filed on April 14 in the Southern District of New York, alleging that Phantom exposed users to crypto theft due to security and design flaws.
The liquidated tokens accounted for the majority share of the Solana-based memecoin Wiener Doge, which was trading at $3.10. However, following the breach, the token plummeted to less than $0.01, according to GeckoTerminal. Further, in 2024, Phantom facilitated over $20 billion in swaps and collected more than $275 million in fees without registering as a money services business (MSB) under the US regulatory framework. The firm also allegedly stored users’ private keys in unencrypted browser memory, making them vulnerable to theft and malware.
The lawsuit also included the OKX and Phantom partnership in November 2024. The partnership was investigated for evading the US regulatory requirements by engaging third-party “non-disclosure” brokers to facilitate anonymous crypto trading. All the above regulatory violations add concerns about compliance and user protection.
Related: Bitcoin Trading Platform Suspended Following Security Breach
While Phantom has not publicly responded to the lawsuit, it previously claimed to have blocked over 18,000 phishing and malware attacks in 2023 through user education and real-time monitoring. Its support documentation urged users to be aware of fraudulent browser extensions and phishing links. The incident adds to the ongoing concerns around meme coins, which have surged but are often volatile and vulnerable to scams. Following this, the Solana-based memecoin platform Pump.fun faced a lawsuit over unregistered securities sales and for alleged investor exploitation.
