Crypto Wallet Provider Phantom Says Its Systems Were Not Compromised in $4M Hack

After a nearly week-long investigation, its team found no vulnerabilities that could explain the exploit.

AccessTimeIconAug 10, 2022 at 12:22 p.m. UTC
Updated May 11, 2023 at 5:40 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Solana-based wallet provider Phantom said its systems were not compromised in the exploit where hackers drained around $4 million from over 9,000 wallets.

Phantom tweeted on Tuesday that after a nearly week-long investigation, its team found no vulnerabilities that could explain the exploit. The wallet provider added that it has been independently audited by Halborn Security and OtterSec. The auditing firms have, so far, not found any issues that could explain the incident.

  • Running With Crypto: 5 Questions With TRM Labs' Ari Redbord
    00:59
    Running With Crypto: 5 Questions With TRM Labs' Ari Redbord
  • Hacks Involving North Korea Are 'Even Greater Problem': Legal Experts
    09:43
    Hacks Involving North Korea Are 'Even Greater Problem': Legal Experts
  • Breaking Down the State of Hacking in 2024
    02:01
    Breaking Down the State of Hacking in 2024
  • Crypto Hack Volumes Fell by More Than 50% in 2023: TRM Labs
    00:59
    Crypto Hack Volumes Fell by More Than 50% in 2023: TRM Labs
  • "While some Phantom users were affected, in each case we have reviewed, we found that they had imported their seed phrases/private keys to or from a non-Phantom wallet," Phantom added.

    The attack, which started on Aug. 3, affected numerous hot wallet (wallets which stay connected to the internet at all times) providers, such as Slope and TrustWallet, as well as Phantom.

    At the time, the Solana network's engineers said that Slope wallets had been compromised, which Slope confirmed but did not say whether the private key storage practices were involved. Phantom added that it had reason to believe "complications related to importing accounts to and from Slope" was the starting point of the attack.

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Jamie Crawley

    Jamie Crawley is a CoinDesk news reporter based in London.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


    Read more about