Phantom Wallet Faces Lawsuit Over $500K Memecoin Exploit

Phantom, a prominent crypto wallet provider, faces a lawsuit following a $500,000 memecoin exploit allegedly caused by a security flaw in its system. The firm claims over 15M active users and more than $20B in token swaps in 2024 so far. Instead, it now finds itself under the shadow of grave allegations of negligence, fraud, and misleading conduct. The lawsuit names OKX as a co-defendant. Further, it makes the claim that OKX was involved in helping facilitate swaps used by the attacker.

At the center of the lawsuit is Phantom’s built-in “Swapper” feature. An attacker recently took advantage of this exact feature, turning stolen memecoins into Solana (SOL) via OKX’s cross-chain smart contract routing. According to plaintiff, Phantom knew that its browser extension memory sprang a leak. According to the Complaint, Phantom failed to act on or inform consumers of this defect.

A hacker obtained the private key of plaintiff Murphy. To do this, they injected it into Phantom’s browser extension memory. The hacker smartly drained three Phantom wallets almost immediately. This breach begged the question of what security protocols the wallet employed, given that they only had to circumvent two-factor authentication.

Phantom also recently saw explosive growth, claiming the title of the fastest-growing web3 wallet in a February report from CoinMarketCap. The platform has branched out from focusing solely on fast-growing networks such as Sui (SUI) and Base. In January of this year, Phantom netted another $150 million in its Series C funding round. All this remarkable expansion occurred while the company became a “unicorn” with a $3 billion valuation.

Phantom’s easing of swaps has led to accusations of money laundering safe haven violations. Evergreen State’s development adds a new level of complexity to the still-unfolding lawsuit. According to the lawsuit, Phantom’s “Swapper” tool allowed criminals to launder their gains from illicit sources.

OKX is named in the suit because it claimed to have supplied the smart contract routing. This misrouting enabled the attacker to swap the stolen memecoins for SOL, an easily tradable asset. The lawsuit alleges OKX didn’t do enough to protect customers or make their environment secure. Doing so caused its platform to be used for illicit activities.

Phantom hasn’t responded publicly to the serious accusations leveled against it, at least not so far. The company's silence has fueled further speculation.