Popular Solana wallet Phantom has come under fire for its reaction to a potential vulnerability in its app. In a post on X, security researcher Cloakd accused Phantom of ignoring the message he sent to alert the team to a vulnerability in the wallet.
According to Cloakd, he has already waited more than 28 days to get feedback from the Phantom security team on whether they have fixed the vulnerability, but there has been no update.
He said:
“I’ve been waiting for over 28 days for a large vulnerability to be fixed in one of the largest apps on SOL. At this point, it’s becoming a joke – I can’t even get a response from their security team at this point in terms of update.”
Following Cloakd’s post, the official Phantom account responded on X, stating that security is its priority and that it had investigated the vulnerability report. The team claimed that the vulnerability did not affect users’ funds and that there was no cause for alarm.
It wrote:
“We have investigated your report and have a different perspective on its severity. We believe it does NOT make user funds vulnerable in any way.”
However, Cloakd disagreed with this statement, noting that the vulnerability directly risks users’ funds. In response to some users who asked what they should do, he advised them to safely store their private key and move the funds to another wallet because Phantom clearly does not care about security.
Others in the crypto community also criticized the response, noting that the wallet provider did not provide any clarity on what steps it had taken to address the vulnerability or whether it even fixed the issue.
Although Cloakd did not specify the vulnerability, the security expert noted that it is within the Phantom app itself, and safely storing the private key should be enough to secure assets in the wallet.
Meanwhile, another security expert, Andy from Solana-based Taptrade, joined in countering Phantom’s statements about its security. He claimed that his team had also reported several bugs to the wallet provider’s team in the past, and that the wallet provider failed to respond to any message about potential vulnerabilities in its application.
The concerns about Phantom wallet security are coming at the wrong time for the crypto wallet, given that it has been enjoying some increased adoption due to the TRUMP token launch. Phantom is currently ranked number 2 in the utility app charts for the UK and the US App Store. It ranks higher than Coinbase on the App Store charts in the US.
Phantom’s historic run has been due to Trump-related memecoins, which attracted millions of retail users to the Solana network and wallet installations. In the 24 hours after TRUMP launched, Phantom reported processing 10 million transactions with a trading volume of $1.25 billion.
Meanwhile, the wallet also recently completed a Series C funding round, raising $150 million to take its valuation to $3 billion. This represents a 150% markup on its last valuation in 2022, when it was worth $1.2 billion, highlighting how it has seen substantial growth along with the Solana ecosystem.