The Phantom wallet from Solana has been the subject of criticism due to its inadequate response to potential vulnerabilities in its application.
Phantom, the popular Solana wallet, has faced criticism for its response to a potential vulnerability in its application. Security researcher Cloakd accused Phantom of disregarding his message to notify them of a wallet vulnerability in a post on X.
Cloakd says he has been waiting for more than 28 days for the Phantom security team to let him know if they have fixed the flaw, but they have not done so yet.
He stated, “I have been anticipating the resolution of a significant vulnerability in one of the most prominent applications on SOL for more than 28 days. Currently, it is approaching the status of a farce; I am unable to obtain a response from their security team regarding an update.”
Following Cloakd’s post, the Phantom official account responded on X, indicating that security is its top priority and that it has conducted an investigation into the vulnerability report. The team asserted that the vulnerability did not have an impact on users’ funds and that there was no reason for concern.
There was a statement that read: “After conducting an investigation into your report, we have differing opinions regarding its severity. We are of the opinion that it does not subject user funds to any form of vulnerability.”
Nevertheless, Cloakd refuted this assertion, asserting that the vulnerability directly threatens the funds of users. He advised certain users who inquired about their actions to securely store their private key and transfer the funds to an alternative wallet, as Phantom obviously does not prioritize security.
Other members of the crypto community also expressed their dissatisfaction with the response, pointing out that the wallet provider did not disclose the specific steps it had taken to mitigate the vulnerability or whether it had resolved the issue.
The security expert observed that the vulnerability is located within the Phantom app, despite the fact that Cloakd did not specify it. This should suffice to safeguard the assets in the wallet by securely keeping the private key.
In the interim, Andy, a security expert from Taptrade, a company based in Solana, joined in disputing Phantom’s assertions regarding its security. According to him, his team had previously disclosed numerous flaws to the wallet provider’s team, but the wallet provider had not responded to any messages regarding potential vulnerabilities in its application.
Also Read: Kazakhstan Court Imprisons Crypto Exchange Operators for Crackdown
Wallets