Phantom Wallet

avoid.net/phantom-wallet→74/100·82% conf.

[AI-DRAFTED · AWAITING VERIFICATION]

74/100

[CAUTIONARY]82% conf.

Summary

Phantom Wallet is a self-custody, non-custodial cryptocurrency wallet developed by Phantom Technologies, Inc., headquartered in San Francisco. Originally launched in 2021 as a Solana-focused browser extension, it has expanded to support Ethereum, Bitcoin, Polygon, Base, and Sui across browser extensions and mobile apps, with approximately 15 million monthly active users and $25 billion in self-custodied assets as of early 2025. The company is well-funded and has engaged constructively with US regulators, though it faces an active civil lawsuit alleging a browser-extension security flaw, and its users have been materially targeted by phishing impersonators and fake app-store clones.

Have evidence about Phantom Wallet?

No evidence submitted yet — be the first.

On-chain audit

Editorial decisions, corrections, and updates are anchored on Solana.

audit log →version history →

Company Background and Team

Phantom Technologies, Inc. was founded in January 2021 by three former engineers from the 0x Protocol project: Brandon Millman (CEO), Francesco Agosti (CTO), and Chris Kalani. The company is headquartered in San Francisco, California. As of early 2026, Phantom employs approximately 361 people. The wallet was initially released as a browser extension for Solana, then expanded to mobile iOS (January 2022) and Android (April 2022), and subsequently added multichain support for Ethereum, Polygon, Bitcoin, Base, and Sui. As of January 2025, Phantom reported 15 million monthly active users, 3.8 million registered usernames, $25 billion in self-custodied assets, and over 850 million on-chain transactions processed.

Sources

[1]HIGHTechCrunch: Crypto startup Phantom banks funding from Andreessen Horowitznews article
[2]HIGHPhantom Series C announcement — phantom.comofficial
[3]MEDThe Block: What is the Phantom Wallet?news article

Funding and Investors

Phantom has raised capital across three funding rounds totalling approximately $268 million. In July 2021, the company raised a $9 million Series A led by Andreessen Horowitz (a16z), with participation from Variant Fund, Jump Capital, DeFi Alliance, the Solana Foundation, and Garry Tan. In January 2022, Paradigm led a $109 million Series B that valued the company at $1.2 billion (unicorn status). In January 2025, Sequoia Capital and Paradigm co-led a $150 million Series C at a $3 billion valuation, with existing investors a16z crypto and Variant also participating. The company stated it would use Series C capital to invest in social discovery features, peer-to-peer payments, and strategic acquisitions aimed at broadening crypto adoption.

Sources

[1]HIGHCoinDesk: Solana Wallet Phantom Raises $109M to Rival MetaMasknews article
[2]MEDCoinTelegraph: Phantom raises $150M in Series C at $3B valuationnews article
[3]HIGHThe Block: Phantom Wallet raises $150 million at $3 billion valuationnews article
[4]HIGHTechCrunch: Phantom Series A a16znews article

Custody Model and Supported Chains

Phantom operates as a non-custodial (self-custody) wallet, meaning private keys are generated and stored locally on the user's device. Phantom explicitly states it has no access to user funds or private keys. The wallet supports Solana, Ethereum, Bitcoin (including Ordinals), Polygon, Base, and Sui, with Monad available on testnet. Cross-chain swaps are available between Bitcoin, Solana, Ethereum, Base, and Polygon. On Solana, users can manage SPL tokens, compressed and uncompressed NFTs, and stake SOL directly within the interface. Hardware wallet support via Ledger is available on select platforms. The wallet does not require users to provide names, government IDs, phone numbers, or physical addresses; its privacy policy states it does not store IP addresses or link them to wallet addresses.

Sources

[1]HIGHPhantom multichain introduction — phantom.comofficial
[2]HIGHPhantom security page — phantom.comofficial
[3]HIGHPhantom privacy policy — phantom.comofficial

Security Posture: Audits and Bug Bounty

Phantom's codebase is audited by Kudelski Security, a Switzerland-based global cybersecurity firm, on an ongoing basis. In June 2024, Least Authority published an independent audit of the Phantom browser extension. That audit found no cross-site scripting vulnerabilities and no known exploitable issues in the reviewed code, but did identify two deficiencies: the absence of a BIP32 key-derivation validity check (since resolved) and a password derivation configuration that did not conform to best practices; Phantom addressed both findings by adding scrypt and the appropriate validation checks. Phantom also runs a public bug bounty program hosted on Bugcrowd, covering the browser extension, mobile apps, and web services, with rewards up to $50,000 for critical vulnerabilities that could result in user fund loss. Phantom's security page states that audit reports are published on GitHub.

Sources

[1]HIGHLeast Authority Phantom Wallet Final Audit Report (June 2024)research
[2]HIGHPhantom bug bounty program — phantom.comofficial
[3]HIGHPhantom security page — phantom.comofficial

Security Incidents: Demonic Vulnerability (2021–2022)

In late September 2021, blockchain security firm Halborn privately disclosed a critical vulnerability, later publicly named 'Demonic,' to Phantom and other browser-extension wallets. The flaw arose from the way Chromium-based browsers cache the contents of non-password input fields to disk as part of session-restore functionality. Because Phantom's secret-recovery-phrase entry field was not designated as a password field, browsers stored the plaintext recovery phrase on disk. An attacker with physical or logical access to the device could retrieve the phrase and gain full wallet access. Phantom began deploying patches in January 2022, and all users were protected by April 2022. No exploits connected to the Demonic vulnerability have been publicly reported.

Sources

[1]HIGHPhantom: Keeping Phantom safe from the Demonic critical vulnerabilityofficial
[2]MEDHalborn: Halborn Discovers Critical Vulnerability Affecting Crypto Wallet Browser Extensionsresearch
[3]HIGHBleepingComputer: MetaMask, Phantom warn of flaw that could steal your crypto walletsnews article
[4]MEDCryptoBriefing: MetaMask, Phantom Fix Demonic Vulnerability in Browser Walletsnews article

Security Incidents: August 2022 Solana Ecosystem Exploit

On August 2-3, 2022, approximately 8,000 Solana-ecosystem wallets were drained of an estimated $5-7 million in SOL and SPL tokens. Initial reporting framed Phantom wallets as affected; however, investigation by Phantom and Solana developers determined the root cause was an insecure practice by a separate wallet application, Slope Wallet, which had inadvertently transmitted users' private key material in plaintext to an application monitoring service that was subsequently compromised. Phantom-native wallets that had never been imported into or used with Slope were not directly affected. Phantom stated it found no vulnerabilities in its own systems that could explain the exploit. The incident highlighted the risk of users reusing seed phrases across multiple wallet applications.

Sources

[1]HIGHCoinDesk: Phantom says its systems were not compromised in $4M hacknews article
[2]HIGHCoinDesk: Solana's $6M Exploit Likely Tied to Slope Walletnews article
[3]HIGHTechCrunch: Thousands of Solana wallets drained in multimillion-dollar exploitnews article
[4]HIGHSolana Foundation: 8/2/2022 Slope Wallet Incident Updateofficial

Active Civil Lawsuit: $3.1M Private Key Storage Claim (2025)

On April 14, 2025, a group of plaintiffs led by attorney Thomas Liam Murphy filed suit against Phantom Technologies, Inc. and OKX in the U.S. District Court for the Southern District of New York. The complaint alleges that on January 20, 2025, a hacker obtained access to Murphy's computer and extracted private keys from unencrypted browser memory within Phantom's extension, subsequently accessing three linked wallets and liquidating approximately $500,000 in Wiener Doge (WIENER) tokens via Phantom's built-in Swapper feature. The liquidation allegedly caused a 99% collapse in the WIENER token's value, inflicting additional losses on other token holders. The plaintiffs allege negligence, false advertising, violation of the Commodity Exchange Act (claiming Phantom operates as an unregistered trading platform), and failure to disclose OKX's guilty plea to money-laundering charges. Damages sought are at least $3.1 million. Phantom denied all allegations, stating the claims are 'entirely without merit' and emphasizing its noncustodial model. The lawsuit was ongoing as of the time of this report.

Sources

[1]MEDDecrypt: Phantom Wallet Sued Over $500K Meme Coin Theft Linked to Alleged Security Flawnews article
[2]MEDCryptoNinjas: Phantom Wallet Faces $3.1M Lawsuit After $500K Theftnews article
[3]MEDCryptoNews: Phantom Faces Lawsuit over Security Vulnerabilities in Crypto Walletnews article
[4]MEDCryptoBriefing: Phantom sued after alleged wallet flaw led to $500,000 crypto theftnews article

Phishing, Fake Impersonators, and User-Facing Scams

Phantom's brand and user base have been materially targeted by third-party scammers. Documented impersonation threats include: (1) A fake Phantom wallet application that appeared in the Apple iOS App Store (reported June 2024), signed with a valid Apple developer certificate, which harvested seed phrases by presenting an 'import wallet' interface; (2) Fake browser extensions distributed outside the official Chrome Web Store; (3) Fake pop-up windows mimicking Phantom's native UI that instruct users to enter their seed phrase to 'complete an update,' a technique that evolved to connect to real Phantom wallets first before presenting the fraudulent request (noted by security platform Web3 Scam Sniffer); (4) Social media impersonation of Phantom support staff on Discord, Twitter, and Telegram. In response, Phantom has published an open-source blocklist of over 2,000 malicious domains, integrated scam-detection warnings into the wallet UI, added an NFT-burn feature to remove spam tokens, and published detailed user education content. The company maintains that users who do not enter their seed phrase on any external site and who download Phantom exclusively from phantom.com or phantom.app are not at risk from these impersonators.

Sources

[1]MEDcrypto.news: Fake Phantom wallet breaches Apple's app store, draining crypto assetsnews article
[2]MEDcryptoslate: Fake Phantom wallet promoted in iOS AppStore drains users fundsnews article
[3]MEDBitget News: Scammers Target Phantom Wallet Users with Fake Pop-ups and Steal Cryptocurrencynews article
[4]HIGHPhantom help center: Security tips for Phantom usersofficial
[5]MEDOneSafe Blog: Phantom Wallet Phishing Scam: What You Need to Knowresearch

Transaction Simulation and Anti-Spoofing Features

Phantom introduced transaction simulation as a core security feature that evaluates transactions before they are broadcast to the network. The wallet scans proposed transactions for interactions with blacklisted programs, unauthorized authority-change instructions, simulation-evasion attempts, and net-negative asset flows, then displays a warning if any are detected. In addition, Phantom partnered with Lighthouse Protocol to implement Guard Instructions, which add cryptographic assertions to transactions presented to users, making simulation-spoofing attacks—where a malicious dApp shows a safe preview but executes a harmful transaction—significantly harder. Phantom stated it is the first wallet to implement this approach. These features are described as proactive defenses against drainer contracts and approval phishing.

Sources

[1]HIGHPhantom: Anti-Spoofing Security With Lighthouseofficial
[2]HIGHPhantom: Security at Phantomofficial

December 2024 Solana Supply Chain Attack

In December 2024, threat actors compromised the Solana web3.js npm library (versions 1.95.6 and 1.96.7) by targeting a Solana npm organization member via spear-phishing, allowing the injection of backdoor code that requested and exfiltrated private keys. The compromised versions were live for approximately five hours on December 2, 2024, before being removed. Phantom confirmed it did not use the compromised library versions and was not affected. Major wallet providers Phantom and Coinbase both confirmed their systems were uncompromised. The attack primarily affected custodial services, bots, and dApps that integrated the specific compromised npm versions, with estimated losses of $130,000–$160,000.

Sources

[1]MEDMitrade: Phantom wallet is safe from the Solana supply chain attacknews article
[2]MEDThe Hacker News: Researchers Uncover Backdoor in Solana's Popular Web3.js npm Librarynews article
[3]MEDInfosecurity Magazine: Solana Library Supply Chain Attack Exposes Cryptocurrency Walletsnews article

Phantom Chat Feature and Address Poisoning Concerns (2026)

Ahead of a planned 2026 rollout of Phantom Chat — an in-wallet peer-to-peer messaging feature — security researchers and community members raised concerns that integrating messaging directly into a wallet interface could amplify address poisoning attacks, a technique where attackers send small transactions from wallet addresses visually similar to ones a user has recently interacted with, hoping users will copy the attacker's address from their transaction history for a future transfer. A user was reported to have lost approximately 3.5 WBTC (valued at roughly $150,000–$264,000) via address poisoning in a separate incident cited alongside these concerns. On-chain investigator ZachXBT publicly warned about the chat feature compounding social engineering risk. Phantom has not yet released full technical specifications of Phantom Chat; the feature was described as still in development as of early 2026.

Sources

[1]LOWMEXC News: Phantom Chat Triggers Security Alarms as Hack Warnings Surface Ahead of 2026 Launchnews article
[2]MEDKuCoin: Phantom Chat Sparks Security Warnings Over Address Poisoning Risksnews article
[3]MEDCoinTelegraph: Phantom Chat under scrutiny after $264K address poisoning lossnews article

April 2026 Service Outage

On approximately April 7, 2026, Phantom experienced a temporary service outage that caused incorrect token balances and prices to display within the wallet interface. The outage coincided with a popular token airdrop event, preventing some users from selling assets, and some users reported financial losses attributed to their inability to trade during the disruption. Phantom stated that user funds were not affected and that the problem was limited to front-end display errors, likely stemming from a failure in its data aggregation or third-party API pricing infrastructure rather than any on-chain issue. Service was restored by approximately 10:55 p.m. on the same day. Phantom did not offer reimbursement for losses attributed to the outage.

Sources

[1]HIGHThe Block: Phantom reports temporary service outage affecting in-app balancesnews article
[2]MEDCryptoTimes: Phantom Wallet Outage Sparks Token Loss Fears Among Usersnews article
[3]MEDCrowdfund Insider: Phantom Cryptocurrency Wallet Grapples With Brief Operational Disruptionnews article

Regulatory Posture

Phantom Technologies has proactively engaged US financial regulators. On June 17, 2025, Phantom submitted a letter to the SEC's Crypto Task Force arguing that its self-custody wallet interface does not constitute broker activity under Section 15(a) of the Exchange Act and does not require SEC registration. The company also supported the 'Project Open' initiative, which proposes a framework for Token Shares issuance compliant with securities laws. On March 17, 2026, the CFTC's Market Participants Division issued Staff Letter 26-09, a no-action position addressed directly to Phantom Technologies, stating it would not recommend enforcement action for failure to register as an introducing broker, provided Phantom adheres to ten specified conditions. These conditions include: adopting CEA-compliant disclosure policies, obtaining customer acknowledgment of disclosures, complying with marketing restrictions, and accepting CFTC jurisdiction and joint-and-several liability for regulated derivatives platform partners. Phantom described the letter as 'first-of-its-kind.' The company's terms of service state it is not a money transmitter, is not subject to Bank Secrecy Act anti-money laundering requirements as a money services business, and has not been reviewed or approved by any financial regulatory authority.

Sources

[1]HIGHCFTC.gov: CFTC Staff Issues No-Action Position to Self-Custodial Crypto Asset Wallet Software Providerregulatory
[2]HIGHCoinDesk: Phantom wins CFTC no-action reliefnews article
[3]HIGHSEC.gov: Phantom Technologies written submission to Crypto Task Forceregulatory
[4]MEDCooley: CFTC Issues No-Action Relief to Self-Custodial Crypto-Wallet Applicationother
[5]HIGHPhantom Terms of Use — phantom.comofficial

Timeline

2021-01-01

Phantom Technologies, Inc. founded by Brandon Millman, Francesco Agosti, and Chris Kalani, all former 0x Protocol engineers

TechCrunch

2021-07-14

Phantom raises $9 million Series A led by a16z, with Variant Fund, Jump Capital, DeFi Alliance, Solana Foundation, and Garry Tan participating

TechCrunch

2021-09-01

Halborn privately discloses the 'Demonic' vulnerability affecting Phantom's browser extension, in which browsers cache seed phrases in plaintext

Halborn

2021-11-01

Phantom browser extension reaches 1 million downloads

The Block

2022-01-01

Phantom begins rolling out patches for the Demonic vulnerability; all users protected by April 2022

Phantom blog

2022-01-31

Phantom raises $109 million Series B led by Paradigm at a $1.2 billion valuation; launches iOS mobile app

CoinDesk

2022-04-01

Phantom launches Android mobile app

The Block

2022-08-03

Approximately 8,000 Solana-ecosystem wallets drained in exploit later attributed to Slope Wallet's insecure key logging; Phantom wallets not directly compromised but some affected users had previously imported seed phrases from Slope

CoinDesk

2024-06-01

Fake Phantom wallet application appears in Apple iOS App Store, harvesting seed phrases from users who attempt to import wallets

crypto.news

2024-06-07

Least Authority publishes independent security audit of Phantom Wallet; findings include two non-critical deficiencies later resolved by the Phantom team

Least Authority

2024-12-02

Solana web3.js npm library supply chain attack discovered; Phantom confirms it does not use the compromised library versions and is unaffected

Mitrade / The Hacker News

2025-01-16

Phantom raises $150 million Series C co-led by Sequoia Capital and Paradigm at a $3 billion valuation

Phantom blog / The Block

2025-01-20

Alleged hack of plaintiff Liam Murphy's wallets via Phantom browser extension; $500,000 in WIENER tokens liquidated, causing alleged 99% token value collapse

Decrypt

2025-04-14

Thomas Liam Murphy and 13 co-plaintiffs file $3.1M lawsuit against Phantom Technologies and OKX in SDNY, alleging unencrypted private key storage and Commodity Exchange Act violations

Decrypt

2025-06-17

Phantom Technologies submits letter to SEC Crypto Task Force arguing wallet does not constitute broker activity and does not require Exchange Act registration

SEC.gov

2026-03-17

CFTC Division of Enforcement issues Staff Letter 26-09 — a no-action position — to Phantom Technologies, permitting wallet integration with regulated derivatives platforms without introducing broker registration, subject to ten conditions

CFTC.gov / CoinDesk

2026-04-07

Phantom experiences temporary service outage causing incorrect balance and price display; company states user funds unaffected; service restored same day

The Block

model: claude-code-investigator

generated: 4/20/2026, 5:55:06 AM

avoid.net — verified advice for a post-truth world