Skip to main content
Sign in
Phantom Wallet9 decisions on this page

Audit log

Every state-changing event for Phantom Wallet: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1reviewby reviewerreviewer
    2026-05-06 02:50:06Z
    Score: 7474 (no score change)
    The investigation is well-sourced and largely accurate. Two factual errors were identified: (1) the Solana web3.js compromised version is listed as '1.96.7' but should be '1.95.7', and (2) the timeline attributes the CFTC no-action letter to the 'Division of Enforcement' when it was issued by the Market Participants Division. The August 2022 exploit loss estimate of '$5-7 million' skews slightly above most cited sources ($4-6M). Three claims are unverifiable due to reliance on self-reported metrics.
    anchoranchored
    chain
    mainnet-betaslot 417,878,548
    sig
    4TwdcPN9XCwZ…paBNJaVQexplorer ↗
    hash
    AYou1mvo9BEg…sKo4NCnbsha256 → base58
    verifying row…full verify ↗
    canonical bytes (854 B) ▸
    {"actor":"reviewer","decided_at":"2026-05-06T02:50:06.503Z","decision":"review","investigation_id":"534e51fc-2dbe-42e6-86ff-3f144efce521","new_score":74,"page_slug":"phantom-wallet","prev_score":74,"reason":"The investigation is well-sourced and largely accurate. Two factual errors were identified: (1) the Solana web3.js compromised version is listed as '1.96.7' but should be '1.95.7', and (2) the timeline attributes the CFTC no-action letter to the 'Division of Enforcement' when it was issued by the Market Participants Division. The August 2022 exploit loss estimate of '$5-7 million' skews slightly above most cited sources ($4-6M). Three claims are unverifiable due to reliance on self-reported metrics.","score_delta":0,"sequence_num":1,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 07703ced-0b45-4e48-836e-43c2e247e505
  2. #2review reviseby judgejudge
    2026-05-06 02:50:06Z
    Score: 7469 (-5)
    The investigation is well-sourced and broadly accurate, but the reviewer identified three correctible errors: the Solana web3.js compromised version is listed as 1.96.7 when it should be 1.95.7, the timeline attributes CFTC Staff Letter 26-09 to the Division of Enforcement instead of the Market Participants Division, and the August 2022 exploit loss estimate of $5-7M skews above cited sources ($4-6M). None of these errors materially misrepresent risk, but they warrant revision before the page is fully approved.
    anchoranchored
    chain
    mainnet-betaslot 417,878,551
    sig
    BkxwbxhenHvq…NXdFrjziexplorer ↗
    hash
    ELUE9SbUiZfp…753SRWDMsha256 → base58
    verifying row…full verify ↗
    canonical bytes (871 B) ▸
    {"actor":"judge","decided_at":"2026-05-06T02:50:06.503Z","decision":"review_revise","investigation_id":"534e51fc-2dbe-42e6-86ff-3f144efce521","new_score":69,"page_slug":"phantom-wallet","prev_score":74,"reason":"The investigation is well-sourced and broadly accurate, but the reviewer identified three correctible errors: the Solana web3.js compromised version is listed as 1.96.7 when it should be 1.95.7, the timeline attributes CFTC Staff Letter 26-09 to the Division of Enforcement instead of the Market Participants Division, and the August 2022 exploit loss estimate of $5-7M skews above cited sources ($4-6M). None of these errors materially misrepresent risk, but they warrant revision before the page is fully approved.","score_delta":-5,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision fd102876-3d7c-4245-acb6-fa6f12355629
  3. #3reviewby reviewerreviewer
    2026-05-14 03:35:45Z
    Score: 6969 (no score change)
    The Phantom Wallet investigation page is generally well-sourced and factually accurate for its major claims about funding history, founding team, security incidents, and regulatory posture. Two substantive errors were found: (1) the supply chain attack section incorrectly states the second compromised npm version as '1.96.7' when all authoritative sources confirm it was '1.95.7'; (2) the timeline entry for the CFTC no-action letter incorrectly names the 'Division of Enforcement' as the issuing body when it was the Market Participants Division — an error that contradicts the section text of the same page. One Wayback archive URL in sources_used points to an entirely unrelated article. Three unverifiable claims relate to self-reported Phantom policies or specific details (10:55 p.m. restoration, 2,000 domain blocklist, IP address privacy policy) that could not be independently confirmed from accessible sources.
    anchoranchored
    chain
    mainnet-betaslot 419,606,675
    sig
    22A9k1yeVQ1A…qLmd9WrQexplorer ↗
    hash
    4tnfumtFPA3c…yez9FFaQsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1272 B) ▸
    {"actor":"reviewer","decided_at":"2026-05-14T03:35:44.973Z","decision":"review","investigation_id":"534e51fc-2dbe-42e6-86ff-3f144efce521","new_score":69,"page_slug":"phantom-wallet","prev_score":69,"reason":"The Phantom Wallet investigation page is generally well-sourced and factually accurate for its major claims about funding history, founding team, security incidents, and regulatory posture. Two substantive errors were found: (1) the supply chain attack section incorrectly states the second compromised npm version as '1.96.7' when all authoritative sources confirm it was '1.95.7'; (2) the timeline entry for the CFTC no-action letter incorrectly names the 'Division of Enforcement' as the issuing body when it was the Market Participants Division — an error that contradicts the section text of the same page. One Wayback archive URL in sources_used points to an entirely unrelated article. Three unverifiable claims relate to self-reported Phantom policies or specific details (10:55 p.m. restoration, 2,000 domain blocklist, IP address privacy policy) that could not be independently confirmed from accessible sources.","score_delta":0,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 9faed8a7-6449-4c0b-90ef-69d23158baf8
  4. #4review reviseby judgejudge
    2026-05-14 03:35:45Z
    Score: 6957 (-12)
    Two factual errors require correction: claim_findings[16] misidentifies the compromised npm versions as '1.96.7' (should be '1.95.7'); timeline entry (index 15) incorrectly attributes CFTC Letter 26-09 to 'Division of Enforcement' when it was issued by 'Market Participants Division', contradicting the page's own section text. Two high-priority coverage gaps—pending lawsuit status update and regulatory claim validation—should be addressed. Overall, 11 of 19 claims are fully confirmed with strong Tier 1 sourcing, but the internal CFTC inconsistency and missing lawsuit outcome tracking justify revision.
    anchoranchored
    chain
    mainnet-betaslot 419,606,678
    sig
    3hHgJ5hS5wv2…wyNcGw4Rexplorer ↗
    hash
    GhddYFK5NE8F…YRsYkpUxsha256 → base58
    verifying row…full verify ↗
    canonical bytes (963 B) ▸
    {"actor":"judge","decided_at":"2026-05-14T03:35:44.973Z","decision":"review_revise","investigation_id":"534e51fc-2dbe-42e6-86ff-3f144efce521","new_score":57,"page_slug":"phantom-wallet","prev_score":69,"reason":"Two factual errors require correction: claim_findings[16] misidentifies the compromised npm versions as '1.96.7' (should be '1.95.7'); timeline entry (index 15) incorrectly attributes CFTC Letter 26-09 to 'Division of Enforcement' when it was issued by 'Market Participants Division', contradicting the page's own section text. Two high-priority coverage gaps—pending lawsuit status update and regulatory claim validation—should be addressed. Overall, 11 of 19 claims are fully confirmed with strong Tier 1 sourcing, but the internal CFTC inconsistency and missing lawsuit outcome tracking justify revision.","score_delta":-12,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 18a23dc6-88fa-4c3e-bbd2-a03a4a3a5f59
  5. #5publishby system:backfill
    2026-05-30 13:02:40Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,161,601
    sig
    mzPMjDGv1ECN…M4sj7vgqexplorer ↗
    hash
    5WXFU6XJzcJ2…1P8NhGkrsha256 → base58
    verifying row…full verify ↗
    canonical bytes (37024 B) ▸
    {"actor":"system:backfill","investigation_id":"534e51fc-2dbe-42e6-86ff-3f144efce521","kind":"publish","page_slug":"phantom-wallet","published_at":"2026-05-30T13:02:39.915Z","sequence_num":5,"snapshot":{"content_type":"investigation","entity_name":"Phantom Wallet","sections":[{"content":"Phantom Technologies, Inc. was founded in January 2021 by three former engineers from the 0x Protocol project: Brandon Millman (CEO), Francesco Agosti (CTO), and Chris Kalani. The company is headquartered in San Francisco, California. As of early 2026, Phantom employs approximately 361 people. The wallet was initially released as a browser extension for Solana, then expanded to mobile iOS (January 2022) and Android (April 2022), and subsequently added multichain support for Ethereum, Polygon, Bitcoin, Base, and Sui. As of January 2025, Phantom reported 15 million monthly active users, 3.8 million registered usernames, $25 billion in self-custodied assets, and over 850 million on-chain transactions processed.","heading":"Company Background and Team","severity":"low","sources":[{"credibility":1,"name":"TechCrunch: Crypto startup Phantom banks funding from Andreessen Horowitz","type":"news_article","url":"https://techcrunch.com/2021/07/14/crypto-startup-phantom-banks-funding-from-andreessen-horowitz-to-scale-its-multi-chain-wallet/"},{"credibility":1,"name":"Phantom Series C announcement — phantom.com","type":"official","url":"https://phantom.com/learn/blog/phantom-series-c"},{"credibility":2,"name":"The Block: What is the Phantom Wallet?","type":"news_article","url":"https://www.theblock.co/learn/305135/what-is-the-phantom-wallet"}]},{"content":"Phantom has raised capital across three funding rounds totalling approximately $268 million. In July 2021, the company raised a $9 million Series A led by Andreessen Horowitz (a16z), with participation from Variant Fund, Jump Capital, DeFi Alliance, the Solana Foundation, and Garry Tan. In January 2022, Paradigm led a $109 million Series B that valued the company at $1.2 billion (unicorn status). In January 2025, Sequoia Capital and Paradigm co-led a $150 million Series C at a $3 billion valuation, with existing investors a16z crypto and Variant also participating. The company stated it would use Series C capital to invest in social discovery features, peer-to-peer payments, and strategic acquisitions aimed at broadening crypto adoption.","heading":"Funding and Investors","severity":"low","sources":[{"credibility":1,"name":"CoinDesk: Solana Wallet Phantom Raises $109M to Rival MetaMask","type":"news_article","url":"https://www.coindesk.com/business/2022/01/31/solana-wallet-phantom-raises-109m-to-rival-metamask"},{"credibility":2,"name":"CoinTelegraph: Phantom raises $150M in Series C at $3B valuation","type":"news_article","url":"https://cointelegraph.com/news/phantom-raises-150-million-3-billion-valuation"},{"credibility":1,"name":"The Block: Phantom Wallet raises $150 million at $3 billion valuation","type":"news_article","url":"https://www.theblock.co/post/335305/phantom-wallet-raises-150-million-at-3-billion-valuation"},{"credibility":1,"name":"TechCrunch: Phantom Series A a16z","type":"news_article","url":"https://techcrunch.com/2021/07/14/crypto-startup-phantom-banks-funding-from-andreessen-horowitz-to-scale-its-multi-chain-wallet/"}]},{"content":"Phantom operates as a non-custodial (self-custody) wallet, meaning private keys are generated and stored locally on the user's device. Phantom explicitly states it has no access to user funds or private keys. The wallet supports Solana, Ethereum, Bitcoin (including Ordinals), Polygon, Base, and Sui, with Monad available on testnet. Cross-chain swaps are available between Bitcoin, Solana, Ethereum, Base, and Polygon. On Solana, users can manage SPL tokens, compressed and uncompressed NFTs, and stake SOL directly within the interface. Hardware wallet support via Ledger is available on select platforms. The wallet does not require users to provide names, government IDs, phone numbers, or physical addresses; its privacy policy states it does not store IP addresses or link them to wallet addresses.","heading":"Custody Model and Supported Chains","severity":"low","sources":[{"credibility":1,"name":"Phantom multichain introduction — phantom.com","type":"official","url":"https://phantom.com/learn/blog/introducing-phantom-multichain"},{"credibility":1,"name":"Phantom security page — phantom.com","type":"official","url":"https://phantom.com/security"},{"credibility":1,"name":"Phantom privacy policy — phantom.com","type":"official","url":"https://phantom.com/privacy"}]},{"content":"Phantom's codebase is audited by Kudelski Security, a Switzerland-based global cybersecurity firm, on an ongoing basis. In June 2024, Least Authority published an independent audit of the Phantom browser extension. That audit found no cross-site scripting vulnerabilities and no known exploitable issues in the reviewed code, but did identify two deficiencies: the absence of a BIP32 key-derivation validity check (since resolved) and a password derivation configuration that did not conform to best practices; Phantom addressed both findings by adding scrypt and the appropriate validation checks. Phantom also runs a public bug bounty program hosted on Bugcrowd, covering the browser extension, mobile apps, and web services, with rewards up to $50,000 for critical vulnerabilities that could result in user fund loss. Phantom's security page states that audit reports are published on GitHub.","heading":"Security Posture: Audits and Bug Bounty","severity":"low","sources":[{"credibility":1,"name":"Least Authority Phantom Wallet Final Audit Report (June 2024)","type":"research","url":"https://leastauthority.com/wp-content/uploads/2024/07/Least-Authority-Phantom-Wallet-Final-Audit-Report.pdf"},{"credibility":1,"name":"Phantom bug bounty program — phantom.com","type":"official","url":"https://phantom.com/bug-bounty"},{"credibility":1,"name":"Phantom security page — phantom.com","type":"official","url":"https://phantom.com/security"}]},{"content":"In late September 2021, blockchain security firm Halborn privately disclosed a critical vulnerability, later publicly named 'Demonic,' to Phantom and other browser-extension wallets. The flaw arose from the way Chromium-based browsers cache the contents of non-password input fields to disk as part of session-restore functionality. Because Phantom's secret-recovery-phrase entry field was not designated as a password field, browsers stored the plaintext recovery phrase on disk. An attacker with physical or logical access to the device could retrieve the phrase and gain full wallet access. Phantom began deploying patches in January 2022, and all users were protected by April 2022. No exploits connected to the Demonic vulnerability have been publicly reported.","heading":"Security Incidents: Demonic Vulnerability (2021–2022)","severity":"medium","sources":[{"credibility":1,"name":"Phantom: Keeping Phantom safe from the Demonic critical vulnerability","type":"official","url":"https://phantom.com/learn/blog/keeping-phantom-safe-from-the-demonic-critical-vulnerability"},{"credibility":2,"name":"Halborn: Halborn Discovers Critical Vulnerability Affecting Crypto Wallet Browser Extensions","type":"research","url":"https://www.halborn.com/blog/post/halborn-discovers-critical-vulnerability-affecting-crypto-wallet-browser-extensions"},{"credibility":1,"name":"BleepingComputer: MetaMask, Phantom warn of flaw that could steal your crypto wallets","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/metamask-phantom-warn-of-flaw-that-could-steal-your-crypto-wallets/"},{"credibility":2,"name":"CryptoBriefing: MetaMask, Phantom Fix Demonic Vulnerability in Browser Wallets","type":"news_article","url":"https://cryptobriefing.com/metamask-phantom-fix-demonic-vulnerability-in-browser-wallets/"}]},{"content":"On August 2-3, 2022, approximately 8,000 Solana-ecosystem wallets were drained of an estimated $5-7 million in SOL and SPL tokens. Initial reporting framed Phantom wallets as affected; however, investigation by Phantom and Solana developers determined the root cause was an insecure practice by a separate wallet application, Slope Wallet, which had inadvertently transmitted users' private key material in plaintext to an application monitoring service that was subsequently compromised. Phantom-native wallets that had never been imported into or used with Slope were not directly affected. Phantom stated it found no vulnerabilities in its own systems that could explain the exploit. The incident highlighted the risk of users reusing seed phrases across multiple wallet applications.","heading":"Security Incidents: August 2022 Solana Ecosystem Exploit","severity":"medium","sources":[{"credibility":1,"name":"CoinDesk: Phantom says its systems were not compromised in $4M hack","type":"news_article","url":"https://www.coindesk.com/business/2022/08/10/phantom-says-its-systems-were-not-compromised-in-4m-hack"},{"credibility":1,"name":"CoinDesk: Solana's $6M Exploit Likely Tied to Slope Wallet","type":"news_article","url":"https://www.coindesk.com/business/2022/08/03/solanas-latest-6m-exploit-likely-tied-to-slope-wallet-devs-say"},{"credibility":1,"name":"TechCrunch: Thousands of Solana wallets drained in multimillion-dollar exploit","type":"news_article","url":"https://techcrunch.com/2022/08/03/solana-wallet-hack/"},{"credibility":1,"name":"Solana Foundation: 8/2/2022 Slope Wallet Incident Update","type":"official","url":"https://solana.com/news/8-2-2022-application-wallet-incident"}]},{"content":"On April 14, 2025, a group of plaintiffs led by attorney Thomas Liam Murphy filed suit against Phantom Technologies, Inc. and OKX in the U.S. District Court for the Southern District of New York. The complaint alleges that on January 20, 2025, a hacker obtained access to Murphy's computer and extracted private keys from unencrypted browser memory within Phantom's extension, subsequently accessing three linked wallets and liquidating approximately $500,000 in Wiener Doge (WIENER) tokens via Phantom's built-in Swapper feature. The liquidation allegedly caused a 99% collapse in the WIENER token's value, inflicting additional losses on other token holders. The plaintiffs allege negligence, false advertising, violation of the Commodity Exchange Act (claiming Phantom operates as an unregistered trading platform), and failure to disclose OKX's guilty plea to money-laundering charges. Damages sought are at least $3.1 million. Phantom denied all allegations, stating the claims are 'entirely without merit' and emphasizing its noncustodial model. The lawsuit was ongoing as of the time of this report.","heading":"Active Civil Lawsuit: $3.1M Private Key Storage Claim (2025)","severity":"high","sources":[{"credibility":2,"name":"Decrypt: Phantom Wallet Sued Over $500K Meme Coin Theft Linked to Alleged Security Flaw","type":"news_article","url":"https://decrypt.co/314783/phantom-wallet-sued-500k-meme-coin-theft-alleged-security-flaw"},{"credibility":2,"name":"CryptoNinjas: Phantom Wallet Faces $3.1M Lawsuit After $500K Theft","type":"news_article","url":"https://www.cryptoninjas.net/news/phantom-wallet-faces-3-1m-lawsuit-after-500k-theft-sparks-crypto-security-concerns/"},{"credibility":2,"name":"CryptoNews: Phantom Faces Lawsuit over Security Vulnerabilities in Crypto Wallet","type":"news_article","url":"https://cryptonews.com/news/phantom-faces-lawsuit-over-security-vulnerabilities-in-crypto-wallet/"},{"credibility":2,"name":"CryptoBriefing: Phantom sued after alleged wallet flaw led to $500,000 crypto theft","type":"news_article","url":"https://cryptobriefing.com/phantom-security-breach-lawsuit/"}]},{"content":"Phantom's brand and user base have been materially targeted by third-party scammers. Documented impersonation threats include: (1) A fake Phantom wallet application that appeared in the Apple iOS App Store (reported June 2024), signed with a valid Apple developer certificate, which harvested seed phrases by presenting an 'import wallet' interface; (2) Fake browser extensions distributed outside the official Chrome Web Store; (3) Fake pop-up windows mimicking Phantom's native UI that instruct users to enter their seed phrase to 'complete an update,' a technique that evolved to connect to real Phantom wallets first before presenting the fraudulent request (noted by security platform Web3 Scam Sniffer); (4) Social media impersonation of Phantom support staff on Discord, Twitter, and Telegram. In response, Phantom has published an open-source blocklist of over 2,000 malicious domains, integrated scam-detection warnings into the wallet UI, added an NFT-burn feature to remove spam tokens, and published detailed user education content. The company maintains that users who do not enter their seed phrase on any external site and who download Phantom exclusively from phantom.com or phantom.app are not at risk from these impersonators.","heading":"Phishing, Fake Impersonators, and User-Facing Scams","severity":"high","sources":[{"credibility":2,"name":"crypto.news: Fake Phantom wallet breaches Apple's app store, draining crypto assets","type":"news_article","url":"https://crypto.news/fake-phantom-wallet-breaches-apples-app-store-draining-crypto-assets/"},{"credibility":2,"name":"cryptoslate: Fake Phantom wallet promoted in iOS AppStore drains users funds","type":"news_article","url":"https://cryptoslate.com/fake-phantom-wallet-promoted-in-ios-appstore-drains-users-funds/"},{"credibility":2,"name":"Bitget News: Scammers Target Phantom Wallet Users with Fake Pop-ups and Steal Cryptocurrency","type":"news_article","url":"https://www.bitget.com/news/detail/12560604557882"},{"credibility":1,"name":"Phantom help center: Security tips for Phantom users","type":"official","url":"https://help.phantom.com/hc/en-us/articles/13515761228051-Security-tips-for-Phantom-users"},{"credibility":2,"name":"OneSafe Blog: Phantom Wallet Phishing Scam: What You Need to Know","type":"research","url":"https://www.onesafe.io/blog/phantom-wallet-phishing-scam-security-tips"}]},{"content":"Phantom introduced transaction simulation as a core security feature that evaluates transactions before they are broadcast to the network. The wallet scans proposed transactions for interactions with blacklisted programs, unauthorized authority-change instructions, simulation-evasion attempts, and net-negative asset flows, then displays a warning if any are detected. In addition, Phantom partnered with Lighthouse Protocol to implement Guard Instructions, which add cryptographic assertions to transactions presented to users, making simulation-spoofing attacks—where a malicious dApp shows a safe preview but executes a harmful transaction—significantly harder. Phantom stated it is the first wallet to implement this approach. These features are described as proactive defenses against drainer contracts and approval phishing.","heading":"Transaction Simulation and Anti-Spoofing Features","severity":"low","sources":[{"credibility":1,"name":"Phantom: Anti-Spoofing Security With Lighthouse","type":"official","url":"https://phantom.com/learn/blog/anti-spoofing-security"},{"credibility":1,"name":"Phantom: Security at Phantom","type":"official","url":"https://phantom.com/learn/blog/security-at-phantom"}]},{"content":"In December 2024, threat actors compromised the Solana web3.js npm library (versions 1.95.6 and 1.96.7) by targeting a Solana npm organization member via spear-phishing, allowing the injection of backdoor code that requested and exfiltrated private keys. The compromised versions were live for approximately five hours on December 2, 2024, before being removed. Phantom confirmed it did not use the compromised library versions and was not affected. Major wallet providers Phantom and Coinbase both confirmed their systems were uncompromised. The attack primarily affected custodial services, bots, and dApps that integrated the specific compromised npm versions, with estimated losses of $130,000–$160,000.","heading":"December 2024 Solana Supply Chain Attack","severity":"low","sources":[{"credibility":2,"name":"Mitrade: Phantom wallet is safe from the Solana supply chain attack","type":"news_article","url":"https://www.mitrade.com/insights/news/live-news/article-3-506371-20241205"},{"credibility":2,"name":"The Hacker News: Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library","type":"news_article","url":"https://thehackernews.com/2024/12/researchers-uncover-backdoor-in-solanas.html"},{"credibility":2,"name":"Infosecurity Magazine: Solana Library Supply Chain Attack Exposes Cryptocurrency Wallets","type":"news_article","url":"https://www.infosecurity-magazine.com/news/solana-library-supply-chain-attack/"}]},{"content":"Ahead of a planned 2026 rollout of Phantom Chat — an in-wallet peer-to-peer messaging feature — security researchers and community members raised concerns that integrating messaging directly into a wallet interface could amplify address poisoning attacks, a technique where attackers send small transactions from wallet addresses visually similar to ones a user has recently interacted with, hoping users will copy the attacker's address from their transaction history for a future transfer. A user was reported to have lost approximately 3.5 WBTC (valued at roughly $150,000–$264,000) via address poisoning in a separate incident cited alongside these concerns. On-chain investigator ZachXBT publicly warned about the chat feature compounding social engineering risk. Phantom has not yet released full technical specifications of Phantom Chat; the feature was described as still in development as of early 2026.","heading":"Phantom Chat Feature and Address Poisoning Concerns (2026)","severity":"medium","sources":[{"credibility":3,"name":"MEXC News: Phantom Chat Triggers Security Alarms as Hack Warnings Surface Ahead of 2026 Launch","type":"news_article","url":"https://www.mexc.com/news/682423"},{"credibility":2,"name":"KuCoin: Phantom Chat Sparks Security Warnings Over Address Poisoning Risks","type":"news_article","url":"https://www.kucoin.com/news/flash/phantom-chat-sparks-security-warnings-over-address-poisoning-risks"},{"credibility":2,"name":"CoinTelegraph: Phantom Chat under scrutiny after $264K address poisoning loss","type":"news_article","url":"https://www.tradingview.com/news/cointelegraph:e42683c52094b:0-phantom-chat-under-scrutiny-after-264k-address-poisoning-loss/"}]},{"content":"On approximately April 7, 2026, Phantom experienced a temporary service outage that caused incorrect token balances and prices to display within the wallet interface. The outage coincided with a popular token airdrop event, preventing some users from selling assets, and some users reported financial losses attributed to their inability to trade during the disruption. Phantom stated that user funds were not affected and that the problem was limited to front-end display errors, likely stemming from a failure in its data aggregation or third-party API pricing infrastructure rather than any on-chain issue. Service was restored by approximately 10:55 p.m. on the same day. Phantom did not offer reimbursement for losses attributed to the outage.","heading":"April 2026 Service Outage","severity":"medium","sources":[{"credibility":1,"name":"The Block: Phantom reports temporary service outage affecting in-app balances","type":"news_article","url":"https://www.theblock.co/post/396479/phantom-reports-service-outage"},{"credibility":2,"name":"CryptoTimes: Phantom Wallet Outage Sparks Token Loss Fears Among Users","type":"news_article","url":"https://www.cryptotimes.io/2026/04/07/phantom-wallet-outage-sparks-token-loss-fears-among-users/"},{"credibility":2,"name":"Crowdfund Insider: Phantom Cryptocurrency Wallet Grapples With Brief Operational Disruption","type":"news_article","url":"https://www.crowdfundinsider.com/2026/04/271829-phantom-cryptocurrency-wallet-grapples-with-brief-operational-disruption-affecting-asset-displays/"}]},{"content":"Phantom Technologies has proactively engaged US financial regulators. On June 17, 2025, Phantom submitted a letter to the SEC's Crypto Task Force arguing that its self-custody wallet interface does not constitute broker activity under Section 15(a) of the Exchange Act and does not require SEC registration. The company also supported the 'Project Open' initiative, which proposes a framework for Token Shares issuance compliant with securities laws. On March 17, 2026, the CFTC's Market Participants Division issued Staff Letter 26-09, a no-action position addressed directly to Phantom Technologies, stating it would not recommend enforcement action for failure to register as an introducing broker, provided Phantom adheres to ten specified conditions. These conditions include: adopting CEA-compliant disclosure policies, obtaining customer acknowledgment of disclosures, complying with marketing restrictions, and accepting CFTC jurisdiction and joint-and-several liability for regulated derivatives platform partners. Phantom described the letter as 'first-of-its-kind.' The company's terms of service state it is not a money transmitter, is not subject to Bank Secrecy Act anti-money laundering requirements as a money services business, and has not been reviewed or approved by any financial regulatory authority.","heading":"Regulatory Posture","severity":"low","sources":[{"credibility":1,"name":"CFTC.gov: CFTC Staff Issues No-Action Position to Self-Custodial Crypto Asset Wallet Software Provider","type":"regulatory","url":"https://www.cftc.gov/PressRoom/PressReleases/9197-26"},{"credibility":1,"name":"CoinDesk: Phantom wins CFTC no-action relief","type":"news_article","url":"https://www.coindesk.com/policy/2026/03/17/phantom-wins-cftc-no-action-relief-clearing-path-for-crypto-wallet-access-to-regulated-derivatives-markets"},{"credibility":1,"name":"SEC.gov: Phantom Technologies written submission to Crypto Task Force","type":"regulatory","url":"https://www.sec.gov/about/crypto-task-force/written-submission/phantom-technologies-061725"},{"credibility":2,"name":"Cooley: CFTC Issues No-Action Relief to Self-Custodial Crypto-Wallet Application","type":"other","url":"https://www.cooley.com/news/insight/2026/2026-04-06-cftc-issues-no-action-relief-to-self-custodial-crypto-wallet-application"},{"credibility":1,"name":"Phantom Terms of Use — phantom.com","type":"official","url":"https://phantom.com/terms"}]}],"sources_used":[{"credibility":1,"name":"TechCrunch: Phantom Series A a16z","type":"news_article","url":"https://techcrunch.com/2021/07/14/crypto-startup-phantom-banks-funding-from-andreessen-horowitz-to-scale-its-multi-chain-wallet/","wayback_url":"https://web.archive.org/web/20260505062440/https://techcrunch.com/2021/07/14/crypto-startup-phantom-banks-funding-from-andreessen-horowitz-to-scale-its-multi-chain-wallet/"},{"credibility":1,"name":"CoinDesk: Solana Wallet Phantom Raises $109M","type":"news_article","url":"https://www.coindesk.com/business/2022/01/31/solana-wallet-phantom-raises-109m-to-rival-metamask","wayback_url":"https://web.archive.org/web/20260505062519/https://www.coindesk.com/business/2022/01/31/solana-wallet-phantom-raises-109m-to-rival-metamask"},{"credibility":1,"name":"The Block: Phantom Wallet raises $150 million at $3 billion valuation","type":"news_article","url":"https://www.theblock.co/post/335305/phantom-wallet-raises-150-million-at-3-billion-valuation","wayback_url":"https://web.archive.org/web/20260505062531/https://www.theblock.co/post/335305/phantom-wallet-raises-150-million-at-3-billion-valuation"},{"credibility":1,"name":"Phantom Series C blog post","type":"official","url":"https://phantom.com/learn/blog/phantom-series-c","wayback_url":"https://web.archive.org/web/20260505062557/https://phantom.com/learn/blog/phantom-series-c"},{"credibility":1,"name":"Phantom security page","type":"official","url":"https://phantom.com/security","wayback_url":"https://web.archive.org/web/20260505062622/https://phantom.com/security"},{"credibility":1,"name":"Phantom bug bounty program","type":"official","url":"https://phantom.com/bug-bounty","wayback_url":"https://web.archive.org/web/20260505062701/https://phantom.com/bug-bounty"},{"credibility":1,"name":"Phantom privacy policy","type":"official","url":"https://phantom.com/privacy","wayback_url":"https://web.archive.org/web/20260505062729/https://phantom.com/privacy"},{"credibility":1,"name":"Phantom terms of use","type":"official","url":"https://phantom.com/terms","wayback_url":"https://web.archive.org/web/20260505062807/https://phantom.com/terms"},{"credibility":1,"name":"Least Authority: Phantom Wallet Final Audit Report (June 2024)","type":"research","url":"https://leastauthority.com/wp-content/uploads/2024/07/Least-Authority-Phantom-Wallet-Final-Audit-Report.pdf"},{"credibility":2,"name":"Halborn: Demonic vulnerability disclosure","type":"research","url":"https://www.halborn.com/blog/post/halborn-discovers-critical-vulnerability-affecting-crypto-wallet-browser-extensions","wayback_url":"https://web.archive.org/web/20260505062921/https://www.halborn.com/blog/post/halborn-discovers-critical-vulnerability-affecting-crypto-wallet-browser-extensions"},{"credibility":1,"name":"Phantom blog: Keeping Phantom safe from the Demonic vulnerability","type":"official","url":"https://phantom.com/learn/blog/keeping-phantom-safe-from-the-demonic-critical-vulnerability","wayback_url":"https://web.archive.org/web/20260505063000/https://phantom.com/learn/blog/keeping-phantom-safe-from-the-demonic-critical-vulnerability"},{"credibility":1,"name":"BleepingComputer: MetaMask, Phantom warn of flaw","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/metamask-phantom-warn-of-flaw-that-could-steal-your-crypto-wallets/"},{"credibility":1,"name":"CoinDesk: Phantom says its systems were not compromised in $4M hack","type":"news_article","url":"https://www.coindesk.com/business/2022/08/10/phantom-says-its-systems-were-not-compromised-in-4m-hack","wayback_url":"https://web.archive.org/web/20260505063036/https://www.coindesk.com/business/2022/08/10/phantom-says-its-systems-were-not-compromised-in-4m-hack"},{"credibility":1,"name":"Solana Foundation: Slope Wallet incident update","type":"official","url":"https://solana.com/news/8-2-2022-application-wallet-incident","wayback_url":"https://web.archive.org/web/20260505063123/https://solana.com/news/8-2-2022-application-wallet-incident"},{"credibility":1,"name":"TechCrunch: Solana wallet hack August 2022","type":"news_article","url":"https://techcrunch.com/2022/08/03/solana-wallet-hack/","wayback_url":"https://web.archive.org/web/20260505063157/https://techcrunch.com/2026/04/30/hackers-are-actively-exploiting-a-bug-in-cpanel-used-by-millions-of-websites/"},{"credibility":2,"name":"Decrypt: Phantom Wallet Sued Over $500K Meme Coin Theft","type":"news_article","url":"https://decrypt.co/314783/phantom-wallet-sued-500k-meme-coin-theft-alleged-security-flaw","wayback_url":"https://web.archive.org/web/20260505063220/https://decrypt.co/314783/phantom-wallet-sued-500k-meme-coin-theft-alleged-security-flaw"},{"credibility":2,"name":"CryptoBriefing: Phantom sued over $500K theft","type":"news_article","url":"https://cryptobriefing.com/phantom-security-breach-lawsuit/","wayback_url":"https://web.archive.org/web/20260505063253/https://cryptobriefing.com/phantom-security-breach-lawsuit/"},{"credibility":2,"name":"crypto.news: Fake Phantom wallet breaches Apple App Store","type":"news_article","url":"https://crypto.news/fake-phantom-wallet-breaches-apples-app-store-draining-crypto-assets/","wayback_url":"https://web.archive.org/web/20260505063335/https://crypto.news/fake-phantom-wallet-breaches-apples-app-store-draining-crypto-assets/"},{"credibility":2,"name":"cryptoslate: Fake Phantom wallet in iOS App Store","type":"news_article","url":"https://cryptoslate.com/fake-phantom-wallet-promoted-in-ios-appstore-drains-users-funds/","wayback_url":"https://web.archive.org/web/20260505063359/https://cryptoslate.com/fake-phantom-wallet-promoted-in-ios-appstore-drains-users-funds/"},{"credibility":1,"name":"Phantom help: Security tips for Phantom users","type":"official","url":"https://help.phantom.com/hc/en-us/articles/13515761228051-Security-tips-for-Phantom-users"},{"credibility":1,"name":"Phantom: Anti-Spoofing Security With Lighthouse","type":"official","url":"https://phantom.com/learn/blog/anti-spoofing-security","wayback_url":"https://web.archive.org/web/20260505063447/https://phantom.com/learn/blog/anti-spoofing-security"},{"credibility":2,"name":"The Hacker News: Solana web3.js supply chain attack","type":"news_article","url":"https://thehackernews.com/2024/12/researchers-uncover-backdoor-in-solanas.html","wayback_url":"https://web.archive.org/web/20260505063531/https://thehackernews.com/2024/12/researchers-uncover-backdoor-in-solanas.html"},{"credibility":2,"name":"Mitrade: Phantom wallet safe from Solana supply chain attack","type":"news_article","url":"https://www.mitrade.com/insights/news/live-news/article-3-506371-20241205","wayback_url":"https://web.archive.org/web/20260505072515/https://www.mitrade.com/insights/news/live-news/article-3-506371-20241205"},{"credibility":1,"name":"CFTC.gov: CFTC Staff Issues No-Action Position to Phantom Technologies","type":"regulatory","url":"https://www.cftc.gov/PressRoom/PressReleases/9197-26","wayback_url":"https://web.archive.org/web/20260505072724/https://www.cftc.gov/PressRoom/PressReleases/9197-26"},{"credibility":1,"name":"CoinDesk: Phantom wins CFTC no-action relief","type":"news_article","url":"https://www.coindesk.com/policy/2026/03/17/phantom-wins-cftc-no-action-relief-clearing-path-for-crypto-wallet-access-to-regulated-derivatives-markets","wayback_url":"http://web.archive.org/web/20260504171959/https://www.coindesk.com/policy/2026/03/17/phantom-wins-cftc-no-action-relief-clearing-path-for-crypto-wallet-access-to-regulated-derivatives-markets"},{"credibility":1,"name":"SEC.gov: Phantom Technologies written submission","type":"regulatory","url":"https://www.sec.gov/about/crypto-task-force/written-submission/phantom-technologies-061725"},{"credibility":1,"name":"The Block: Phantom reports service outage","type":"news_article","url":"https://www.theblock.co/post/396479/phantom-reports-service-outage"},{"credibility":2,"name":"KuCoin: Phantom Chat address poisoning concerns","type":"news_article","url":"https://www.kucoin.com/news/flash/phantom-chat-sparks-security-warnings-over-address-poisoning-risks","wayback_url":"https://web.archive.org/web/20260505073045/https://www.kucoin.com/news/flash/phantom-chat-sparks-security-warnings-over-address-poisoning-risks"},{"credibility":1,"name":"Phantom multichain introduction","type":"official","url":"https://phantom.com/learn/blog/introducing-phantom-multichain","wayback_url":"https://web.archive.org/web/20260505073128/https://phantom.com/learn/blog/introducing-phantom-multichain"},{"credibility":1,"name":"The Block: What is Phantom Wallet","type":"news_article","url":"https://www.theblock.co/learn/305135/what-is-the-phantom-wallet"}],"summary":"Phantom Wallet is a self-custody, non-custodial cryptocurrency wallet developed by Phantom Technologies, Inc., headquartered in San Francisco. Originally launched in 2021 as a Solana-focused browser extension, it has expanded to support Ethereum, Bitcoin, Polygon, Base, and Sui across browser extensions and mobile apps, with approximately 15 million monthly active users and $25 billion in self-custodied assets as of early 2025. The company is well-funded and has engaged constructively with US regulators, though it faces an active civil lawsuit alleging a browser-extension security flaw, and its users have been materially targeted by phishing impersonators and fake app-store clones.","timeline":[{"date":"2021-01-01","event":"Phantom Technologies, Inc. founded by Brandon Millman, Francesco Agosti, and Chris Kalani, all former 0x Protocol engineers","source":"TechCrunch","source_url":"https://techcrunch.com/2021/07/14/crypto-startup-phantom-banks-funding-from-andreessen-horowitz-to-scale-its-multi-chain-wallet/"},{"date":"2021-07-14","event":"Phantom raises $9 million Series A led by a16z, with Variant Fund, Jump Capital, DeFi Alliance, Solana Foundation, and Garry Tan participating","source":"TechCrunch","source_url":"https://techcrunch.com/2021/07/14/crypto-startup-phantom-banks-funding-from-andreessen-horowitz-to-scale-its-multi-chain-wallet/"},{"date":"2021-09-01","event":"Halborn privately discloses the 'Demonic' vulnerability affecting Phantom's browser extension, in which browsers cache seed phrases in plaintext","source":"Halborn","source_url":"https://www.halborn.com/blog/post/halborn-discovers-critical-vulnerability-affecting-crypto-wallet-browser-extensions"},{"date":"2021-11-01","event":"Phantom browser extension reaches 1 million downloads","source":"The Block","source_url":"https://www.theblock.co/learn/305135/what-is-the-phantom-wallet"},{"date":"2022-01-01","event":"Phantom begins rolling out patches for the Demonic vulnerability; all users protected by April 2022","source":"Phantom blog","source_url":"https://phantom.com/learn/blog/keeping-phantom-safe-from-the-demonic-critical-vulnerability"},{"date":"2022-01-31","event":"Phantom raises $109 million Series B led by Paradigm at a $1.2 billion valuation; launches iOS mobile app","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2022/01/31/solana-wallet-phantom-raises-109m-to-rival-metamask"},{"date":"2022-04-01","event":"Phantom launches Android mobile app","source":"The Block","source_url":"https://www.theblock.co/learn/305135/what-is-the-phantom-wallet"},{"date":"2022-08-03","event":"Approximately 8,000 Solana-ecosystem wallets drained in exploit later attributed to Slope Wallet's insecure key logging; Phantom wallets not directly compromised but some affected users had previously imported seed phrases from Slope","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2022/08/10/phantom-says-its-systems-were-not-compromised-in-4m-hack"},{"date":"2024-06-01","event":"Fake Phantom wallet application appears in Apple iOS App Store, harvesting seed phrases from users who attempt to import wallets","source":"crypto.news","source_url":"https://crypto.news/fake-phantom-wallet-breaches-apples-app-store-draining-crypto-assets/"},{"date":"2024-06-07","event":"Least Authority publishes independent security audit of Phantom Wallet; findings include two non-critical deficiencies later resolved by the Phantom team","source":"Least Authority","source_url":"https://leastauthority.com/wp-content/uploads/2024/07/Least-Authority-Phantom-Wallet-Final-Audit-Report.pdf"},{"date":"2024-12-02","event":"Solana web3.js npm library supply chain attack discovered; Phantom confirms it does not use the compromised library versions and is unaffected","source":"Mitrade / The Hacker News","source_url":"https://www.mitrade.com/insights/news/live-news/article-3-506371-20241205"},{"date":"2025-01-16","event":"Phantom raises $150 million Series C co-led by Sequoia Capital and Paradigm at a $3 billion valuation","source":"Phantom blog / The Block","source_url":"https://phantom.com/learn/blog/phantom-series-c"},{"date":"2025-01-20","event":"Alleged hack of plaintiff Liam Murphy's wallets via Phantom browser extension; $500,000 in WIENER tokens liquidated, causing alleged 99% token value collapse","source":"Decrypt","source_url":"https://decrypt.co/314783/phantom-wallet-sued-500k-meme-coin-theft-alleged-security-flaw"},{"date":"2025-04-14","event":"Thomas Liam Murphy and 13 co-plaintiffs file $3.1M lawsuit against Phantom Technologies and OKX in SDNY, alleging unencrypted private key storage and Commodity Exchange Act violations","source":"Decrypt","source_url":"https://decrypt.co/314783/phantom-wallet-sued-500k-meme-coin-theft-alleged-security-flaw"},{"date":"2025-06-17","event":"Phantom Technologies submits letter to SEC Crypto Task Force arguing wallet does not constitute broker activity and does not require Exchange Act registration","source":"SEC.gov","source_url":"https://www.sec.gov/about/crypto-task-force/written-submission/phantom-technologies-061725"},{"date":"2026-03-17","event":"CFTC Division of Enforcement issues Staff Letter 26-09 — a no-action position — to Phantom Technologies, permitting wallet integration with regulated derivatives platforms without introducing broker registration, subject to ten conditions","source":"CFTC.gov / CoinDesk","source_url":"https://www.cftc.gov/PressRoom/PressReleases/9197-26"},{"date":"2026-04-07","event":"Phantom experiences temporary service outage causing incorrect balance and price display; company states user funds unaffected; service restored same day","source":"The Block","source_url":"https://www.theblock.co/post/396479/phantom-reports-service-outage"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 84c7b9be-dab6-4c84-9c9c-715eb072333c
  6. #6reviewby reviewerreviewer
    2026-06-09 02:47:34Z
    Score: 5757 (no score change)
    The Phantom Wallet investigation page is broadly accurate and well-sourced, with the majority of claims confirmed by tier-1 sources. Two notable factual errors were found: (1) the page incorrectly describes Chris Kalani as a former 0x Protocol engineer with the CTO title — he is CPO with a product/design background from Facebook; (2) the page misstates one of the compromised Solana web3.js npm versions as 1.96.7 when multiple credible sources confirm it was 1.95.7. A Wayback URL in sources_used for the TechCrunch Solana hack article points to an entirely different article (an April 2026 cPanel exploit story), constituting link rot in the archive reference. The August 2022 exploit figures are imprecise relative to the Solana Foundation's authoritative post-incident count of 9,231 wallets and $4.1M lost.
    anchoranchored
    chain
    mainnet-betaslot 425,240,186
    sig
    4VsGTrqrqY5e…DJUynDCnexplorer ↗
    hash
    GzH9sy38PVFR…A8BHSBTHsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1163 B) ▸
    {"actor":"reviewer","decided_at":"2026-06-09T02:47:34.773Z","decision":"review","investigation_id":"534e51fc-2dbe-42e6-86ff-3f144efce521","new_score":57,"page_slug":"phantom-wallet","prev_score":57,"reason":"The Phantom Wallet investigation page is broadly accurate and well-sourced, with the majority of claims confirmed by tier-1 sources. Two notable factual errors were found: (1) the page incorrectly describes Chris Kalani as a former 0x Protocol engineer with the CTO title — he is CPO with a product/design background from Facebook; (2) the page misstates one of the compromised Solana web3.js npm versions as 1.96.7 when multiple credible sources confirm it was 1.95.7. A Wayback URL in sources_used for the TechCrunch Solana hack article points to an entirely different article (an April 2026 cPanel exploit story), constituting link rot in the archive reference. The August 2022 exploit figures are imprecise relative to the Solana Foundation's authoritative post-incident count of 9,231 wallets and $4.1M lost.","score_delta":0,"sequence_num":6,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision abd458c8-1d40-4080-ae3a-989399556760
  7. #7review reviseby judgejudge
    2026-06-09 02:47:35Z
    Score: 5747 (-10)
    The review found no fully disputed claims, but three partially_supported findings warrant correction. First, claim_findings[0] identifies a factual error in the founding team section: Chris Kalani is described as a former 0x Protocol engineer and CTO, but multiple sources confirm he is CPO with a product and design background from Facebook and Frog Design — only Millman and Agosti are 0x alumni. Second, claim_findings[18] identifies a version number error in the December 2024 supply chain attack section: the page states version 1.96.7 was compromised, but multiple credible sources including Wiz and The Hacker News confirm the correct version is 1.95.7. Third, claim_findings[12] finds the August 2022 wallet count and dollar figures are imprecise relative to the Solana Foundation's authoritative post-incident report of 9,231 wallets and $4.1M. One instance of link rot was also identified: a Wayback Machine archive URL for the TechCrunch Solana hack article resolves to an unrelated cPanel exploit story. The page is broadly well-sourced and the core narrative is accurate; the issues are correctable factual errors rather than substantive misrepresentations.
    anchoranchored
    chain
    mainnet-betaslot 425,240,190
    sig
    3WznJK7fWQjg…ZZ9HXDWKexplorer ↗
    hash
    42zC6xrGgMFY…ZNPsZRfxsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1526 B) ▸
    {"actor":"judge","decided_at":"2026-06-09T02:47:34.773Z","decision":"review_revise","investigation_id":"534e51fc-2dbe-42e6-86ff-3f144efce521","new_score":47,"page_slug":"phantom-wallet","prev_score":57,"reason":"The review found no fully disputed claims, but three partially_supported findings warrant correction. First, claim_findings[0] identifies a factual error in the founding team section: Chris Kalani is described as a former 0x Protocol engineer and CTO, but multiple sources confirm he is CPO with a product and design background from Facebook and Frog Design — only Millman and Agosti are 0x alumni. Second, claim_findings[18] identifies a version number error in the December 2024 supply chain attack section: the page states version 1.96.7 was compromised, but multiple credible sources including Wiz and The Hacker News confirm the correct version is 1.95.7. Third, claim_findings[12] finds the August 2022 wallet count and dollar figures are imprecise relative to the Solana Foundation's authoritative post-incident report of 9,231 wallets and $4.1M. One instance of link rot was also identified: a Wayback Machine archive URL for the TechCrunch Solana hack article resolves to an unrelated cPanel exploit story. The page is broadly well-sourced and the core narrative is accurate; the issues are correctable factual errors rather than substantive misrepresentations.","score_delta":-10,"sequence_num":7,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 88ed124a-5976-4127-820e-364fb2b6e7e9
  8. #8reviewby reviewerreviewer
    2026-06-14 23:16:10Z
    Score: 4747 (no score change)
    Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Phantom Wallet is a legitimate, venture-backed non-custodial wallet operator with $268M in institutional funding, a $3B valuation as of January 2025, 15M+ monthly active users, and a positive March 2026 CFTC no-action letter — the first ever granted to a self-custodial wallet. None of the incidents documented on the page constitute fraud by Phantom itself: the August 2022 Solana exploit was definitively traced to Slope Wallet's server-side key storage failure; the Demonic vulnerability was patched before any confirmed exploitation; the 2024 supply chain attack had zero impact on Phantom; and the fake iOS app is third-party brand abuse. The only incident with even residual ambiguity is the unresolved April 2025 civil lawsuit alleging unencrypted browser memory storage, which Phantom has denied and no court has adjudicated. The page's own timeline and summary describe these facts accurately, yet the score of 47 places Phantom in WARNING alongside entities with elevated fraud or severe unresolved loss risk. Under the post-policy band semantics, CAUTIONARY (50–69) is the correct band for a legitimate operator with material-but-not-fraud-level caveats: one unresolved lawsuit, a patched critical vulnerability, and pervasive brand-abuse by third parties. A score of 63 reflects those caveats while properly distinguishing Phantom from entities that have caused losses through their own conduct.
    anchoranchored
    chain
    mainnet-betaslot 426,514,707
    sig
    4q1VATuL5RJs…njsXkRyZexplorer ↗
    hash
    6NHrVie21NJp…qyRPhmzusha256 → base58
    verifying row…full verify ↗
    canonical bytes (1899 B) ▸
    {"actor":"reviewer","decided_at":"2026-06-14T23:16:10.401Z","decision":"review","investigation_id":"534e51fc-2dbe-42e6-86ff-3f144efce521","new_score":47,"page_slug":"phantom-wallet","prev_score":47,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Phantom Wallet is a legitimate, venture-backed non-custodial wallet operator with $268M in institutional funding, a $3B valuation as of January 2025, 15M+ monthly active users, and a positive March 2026 CFTC no-action letter — the first ever granted to a self-custodial wallet. None of the incidents documented on the page constitute fraud by Phantom itself: the August 2022 Solana exploit was definitively traced to Slope Wallet's server-side key storage failure; the Demonic vulnerability was patched before any confirmed exploitation; the 2024 supply chain attack had zero impact on Phantom; and the fake iOS app is third-party brand abuse. The only incident with even residual ambiguity is the unresolved April 2025 civil lawsuit alleging unencrypted browser memory storage, which Phantom has denied and no court has adjudicated. The page's own timeline and summary describe these facts accurately, yet the score of 47 places Phantom in WARNING alongside entities with elevated fraud or severe unresolved loss risk. Under the post-policy band semantics, CAUTIONARY (50–69) is the correct band for a legitimate operator with material-but-not-fraud-level caveats: one unresolved lawsuit, a patched critical vulnerability, and pervasive brand-abuse by third parties. A score of 63 reflects those caveats while properly distinguishing Phantom from entities that have caused losses through their own conduct.","score_delta":0,"sequence_num":8,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 13e98b57-81c7-41a6-aad7-ac94795c83bf
  9. #9review approveby judgejudge
    2026-06-14 23:16:10Z
    Score: 4763 (+16)
    This is a severity-calibration review, not a fact-dispute review. All six claim_findings are marked 'supported' (disputed_pct = 0%) and the page content stands as accurate. The reviewer's three modifier_flags identify the root cause of miscalibration: the current score of 47 (WARNING band) penalizes Phantom for (1) the August 2022 Solana exploit that was definitively caused by Slope Wallet's server-side key logging, not by any Phantom flaw; (2) a fake iOS App Store application that is entirely third-party brand abuse; and (3) the December 2024 Solana web3.js supply chain attack, which Phantom confirmed had zero impact on its systems. The only genuine residual caveats — an unresolved 2025 civil lawsuit (claim_findings[3]) and the patched-but-historically-critical Demonic vulnerability (claim_findings[4]) — appropriately support a CAUTIONARY band rather than a WARNING band. A score of 63 correctly distinguishes Phantom, a venture-backed legitimate operator with $268M in institutional funding and a positive March 2026 CFTC no-action letter (claim_findings[2]), from entities that have caused losses through their own conduct. The +16 delta moves the score from 47 to 63, consistent with the reviewer's recommendation and the post-policy CAUTIONARY band semantics.
    anchoranchored
    chain
    mainnet-betaslot 426,514,724
    sig
    4aB8ugbt5EXS…DsqJ2E3Aexplorer ↗
    hash
    GPsB81q36Ptp…DL9cmFo3sha256 → base58
    verifying row…full verify ↗
    canonical bytes (1632 B) ▸
    {"actor":"judge","decided_at":"2026-06-14T23:16:10.401Z","decision":"review_approve","investigation_id":"534e51fc-2dbe-42e6-86ff-3f144efce521","new_score":63,"page_slug":"phantom-wallet","prev_score":47,"reason":"This is a severity-calibration review, not a fact-dispute review. All six claim_findings are marked 'supported' (disputed_pct = 0%) and the page content stands as accurate. The reviewer's three modifier_flags identify the root cause of miscalibration: the current score of 47 (WARNING band) penalizes Phantom for (1) the August 2022 Solana exploit that was definitively caused by Slope Wallet's server-side key logging, not by any Phantom flaw; (2) a fake iOS App Store application that is entirely third-party brand abuse; and (3) the December 2024 Solana web3.js supply chain attack, which Phantom confirmed had zero impact on its systems. The only genuine residual caveats — an unresolved 2025 civil lawsuit (claim_findings[3]) and the patched-but-historically-critical Demonic vulnerability (claim_findings[4]) — appropriately support a CAUTIONARY band rather than a WARNING band. A score of 63 correctly distinguishes Phantom, a venture-backed legitimate operator with $268M in institutional funding and a positive March 2026 CFTC no-action letter (claim_findings[2]), from entities that have caused losses through their own conduct. The +16 delta moves the score from 47 to 63, consistent with the reviewer's recommendation and the post-policy CAUTIONARY band semantics.","score_delta":16,"sequence_num":9,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision a4ae6685-d1d0-4863-8af9-6a6617de8370
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.