Phantom Technologies and crypto exchange OKX are being sued over security breaches that resulted in the loss of more than $500,000 in digital assets. The lawsuit that was filed in the Southern District of New York, states that the design of the Phantom wallet exposed users to cyber attacks. Liam Murphy, the claimant’s attorney, stated that Phantom’s browser extension had exploitable holes through which hackers drained his crypto, leading to the failure of his Solana-based project known as Wiener Doge. After the attack, the token’s value plummeted to nearly 99% of its initial value, which was over $3 million. According to the complaints filed to the court, Phantom allegedly misconstrued its wallet security. The company reportedly stored users’ decrypted private keys in the browser memory, making it possible to violate most conventional secure practices such as two-factor authentication. Allegations suggest that the attacker managed to use Phantom’s built-in Swapper functionality to exchange Wiener Doge tokens for Solana (SOL), which led to the project’s failure. Because of this event, Wiener Doge which was priced at $3.1 per token, subsequently fell below $0.01. Allegations extend to Phantom’s partner OKX The lawsuit also goes further to accuse OKX of actively participating in the illegal liquidation of Murphy’s account. In that filing, OKX stated that the trading infrastructure that the hacker deployed allowed the movement of assets from Phantom using the wallet integration. The plaintiffs argue that OKX could have reasonably known that Phantom’s Swapper tool was functioning as an unregistered intermediary with the CFTC. The complaint also states that the stolen tokens were converted to SOL through OKX’s routing and pricing structures. In their lawsuit, the plaintiffs said that the defendant could not have liquidated the stolen assets without the participation of OKX. Murphy and thirteen other individuals who invested in Wiener Doge through friends and family are suing for damages based on the token’s value during its peak. They also allege that there is a lack of primary protocols like velocity checks and geolocation anomaly detections that should otherwise be observed in similar exchanges to Coinbase. OKX’s prior legal issues are also featured in the case. The lawsuit cites the exchange’s guilty plea in a federal case over $5 billion in money laundering as an example of the exchange consistently disregarding compliance rules. The plaintiff stated that Phantom knew the danger arising from the storage of keys on the browser cache. They state that the company was fully aware that new users became common targets of phishing attacks and malware and yet did not act appropriately. Security experts challenge Phantom’s response Security researcher Cloakd recently claimed that Phantom never engaged with him to address the problem despite informing them of an application flaw. He said that he went for more than 28 days without any reply, though there could be a risk with users. In response, Phantom dismissed Cloakd’s allegations of endangering users’ funds. “I’ve been waiting for over 28 days for a large vulnerability to be fixed in one of the largest apps on SOL,” Cloakd said. Another developer from Taptrade named Andy supported Cloakd’s statements, citing that after he had submitted several reports on vulnerabilities in Phantom, he had never received any reply. Both analysts criticized Phantom for being laid-back regarding security matters. We just mass left a bunch of group DMs where we had been sharing exploits and bugs to teams across the ecosystem. The lack of response from most of them was staggering. — Andy | (!FF) (@AndyRewNFT) January 21, 2025 Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now
https://www.digistore24.com/redir/325658/ceobig/
