Phantom Technologies and crypto exchange OKX have been hit with a lawsuit related to data breaches resulting in losses of over $500,000 in digital assets.
Circumstances and Allegations
A lawsuit was filed in the Southern District of New York, alleging that the design of the Phantom wallet exposed users to cyber attacks. According to the claimant's attorney Liam Murphy, the Phantom browser extension had exploitable vulnerabilities that allowed hackers to drain cryptocurrencies, leading to the collapse of his Solana-based project known as Wiener Doge. After the attack, the token's value plummeted by nearly 99% from its initial value, which was over $3 million. The plaintiffs allege that Phantom misrepresented the security of its wallet, as private keys were stored in browser memory.
Responses and Actions by the Parties
The lawsuit also accuses OKX of participating in the illegal liquidation of Murphy's account. The court filings state that the trading infrastructure used by the hacker enabled the movement of assets from Phantom via wallet integration. The plaintiffs argue that OKX reasonably should have known that Phantom's Swapper tool was functioning as an unregistered intermediary. As a result, Murphy and thirteen other individuals who invested in Wiener Doge through family and friends are suing for damages based on the token's peak value.
Reactions from Security Experts
Security researcher Cloakd alleged that Phantom did not engage with him to address the issue despite being informed about the application flaw. He claims to have waited over 28 days without any response, despite the potential risks to users. Another developer from Taptrade, Andy, supported Cloakd's statements, mentioning that despite submitting multiple reports on vulnerabilities to Phantom, he received no replies. Both analysts criticized Phantom for its lackadaisical approach to security matters.
The situation surrounding Phantom Technologies and OKX underscores the importance of security in the cryptocurrency sector. Legal proceedings may have significant consequences for companies involved in cybersecurity threats.
