CoinCentral reports on the federal lawsuit filed against Phantom Technologies after an alleged security flaw led to the theft of over $500,000 in Wiener Doge tokens and the near-total collapse of the meme coin’s value.
The complaint, filed April 14 in the Southern District of New York by Murphy’s Law founding partner Liam Murphy and 13 co-plaintiffs, alleges that Phantom stored users’ private keys in unencrypted browser memory, making them vulnerable to malware despite marketing its security as “best-in-class.” A cybercriminal hacked into Murphy’s personal computer, extracted his private key from the browser’s working memory, and gained unrestricted access to three co-linked Phantom wallets without needing to bypass multi-factor authentication.
The attacker used Phantom’s built-in Swapper feature to liquidate approximately $500,000 in Wiener Doge tokens for just $37,537 in Solana, destroying a market capitalization that had reached $3.1 million at its peak. CoinCentral notes that the token crashed from $3.10 to under $0.01 per token following the attack.
According to the filing, Phantom’s leadership knew that the browser wallet stored decrypted keys in active memory, knew that users were routinely targeted by malware and phishing scripts, and knew that victims were losing funds. The lawsuit alleges Phantom lacked any system for transaction velocity checks, geolocation anomalies, or withdrawal limits. When Murphy reported the theft, Phantom allegedly responded that as a noncustodial wallet, he bore sole responsibility for his losses.
The suit also names OKX as a co-defendant, citing its guilty plea to federal money laundering charges involving $5 billion in illicit transactions. The complaint argues that without OKX’s routing, pricing, and execution services, the cybercriminal would not have been able to convert the stolen tokens, and that Phantom’s failure to disclose its direct integration with OKX was deceptive.
The 14 plaintiffs are seeking at least $3.1 million in damages and allege that Phantom violated the Commodity Exchange Act by operating as an unregistered trading platform. The filing lists seven major claims including negligence in cybersecurity protection, false advertising, and aiding money laundering through OKX.
Phantom has stated that it strongly denies any allegations of wrongdoing and looks forward to demonstrating that the lawsuit should be dismissed.
If you believe you have been the victim of a crypto fraud or security breach, contact Murphy’s Law for a free consultation to discuss your legal options.