Phantom Technologies and cryptocurrency exchange OKX are facing legal action following a major security breach that led to the theft of over $500,000 in digital assets.
A lawsuit filed in the Southern District of New York alleges that Phantom’s wallet design had critical vulnerabilities that resulted in the failure of the Solana-based Wiener Doge project.
Phantom wallet blamed for security lapses
The lawsuit claims that Phantom’s browser extension contained exploitable flaws. According to the claimant’s attorney, Liam Murphy, these security gaps allowed hackers to access and drain his cryptocurrency holdings. The compromised wallet stored decrypted private keys in the browser’s memory, exposing users to cyber attacks and bypassing secure practices such as two-factor authentication.
The stolen assets led to a sharp decline in the value of Wiener Doge. Once priced at $3.1, the token fell below $0.01 after the attack. The plaintiff stated that Phantom’s internal Swapper feature was used to convert the Wiener Doge tokens into Solana (SOL), directly contributing to the project’s collapse.
OKX accused of enabling unauthorized transactions
The legal complaint extends to OKX, which is accused of assisting in the unauthorized liquidation of Murphy’s funds. The filing states that OKX’s platform allowed the attacker to move assets from Phantom wallets using integrated tools. The plaintiffs argue that OKX should have known that Phantom’s Swapper acted as an unregistered intermediary under Commodity Futures Trading Commission standards.
The lawsuit also claims that OKX’s routing and pricing mechanisms facilitated the conversion of the stolen tokens into SOL. The plaintiffs believe that without OKX’s infrastructure, the attacker would not have been able to complete the transactions.
Security concerns and prior allegations raised
The lawsuit highlights that Phantom knew about security risks associated with storing keys in browser caches. The plaintiffs say the company failed to act despite knowing that new users were frequent targets of malware and phishing attacks.
Security researchers have also criticized Phantom’s response to vulnerability reports. A researcher known as Cloakd claimed he received no response for over four weeks after reporting a critical issue. Andy, a developer from Taptrade, supported the claim and said Phantom did not respond to multiple vulnerability submissions.
The complaint further references OKX’s earlier legal issues, including a guilty plea in a federal case involving $5 billion in money laundering, to demonstrate an alleged pattern of non-compliance.