Decrypt reports on the federal lawsuit filed by Murphy’s Law founding partner Liam Murphy and 13 co-plaintiffs against Phantom Technologies in the Southern District of New York.
According to court documents obtained by Decrypt, a cybercriminal hacked into Murphy’s personal computer and exported his private key from his web browser’s working memory, gaining unrestricted access to all funds in three co-linked Phantom wallets without needing to bypass multi-factor authentication.
The complaint alleges that Phantom stored users’ private keys in unencrypted browser memory, making them vulnerable to malware extraction, despite marketing its security as “best-in-class.” After the theft, the attacker used Phantom’s built-in Swapper feature to liquidate approximately $500,000 in Wiener Doge tokens for only $37,537 in Solana, destroying the value of the entire project, which had reached a $3.1 million market cap at its peak.
The plaintiffs are seeking at least $3.1 million in damages and allege that Phantom violated the Commodity Exchange Act by operating as an unregistered trading platform.
The suit also names OKX as a co-defendant, citing the exchange’s guilty plea to federal money laundering charges involving $5 billion in illicit transactions. Phantom told Decrypt it strongly denies any allegations of wrongdoing and looks forward to demonstrating why the lawsuit should be dismissed.