A buggy update for the Solana-based Phantom wallet caused several iOS users to lose access to their funds, as the app reset and locked them out.
On Nov. 13, several users started reporting that a new update was completely resetting the wallet while prompting users to log back in using their recovery phrases. Several users, who were caught off guard reported losing access to their funds.
One user claimed losses of $600,000, with others reporting amounts between $10,000 and $100,000, sparking calls for reimbursement. However, as Phantom operates as a non-custodial wallet, it does not store usersโ recovery phrases or have access to their funds.ย
In a non-custodial setup, only the users hold their wallet keys, providing greater control but also placing full responsibility on them to secure their recovery phrases.
Initially believed to impact all users, Phantom later confirmed that the issue affected only a โsmall number of iOS users.โ Per a post-incident announcement, the wallet provider said it pushed a new update that would prevent the bug from โaffecting any additional users.โ
While Phantom did not disclose how many users were affected, it urged users to back up their recovery phrases and issued an apology for the incident.
โWeโre committed to making sure this wonโt happen again,โ the firm wrote.
Phantom has advised users to reach out to its support team for further assistance.
The incident follows another mishap for the wallet during the Grass token airdrop in late October when a surge in activity led to nearly three hours of downtime. Users reported inaccurate balances and transaction issues, which Phantom attributed to backend strain due to high demand.
Seed phrase recovery services
Losing recovery phrases, forgetting to back them up, or misplacing the backup has always been an issue among less tech-savvy users in the crypto space. This has spurred the creation of recovery services, much like backup options in traditional finance, to help make managing recovery phrases a bit easier.
For instance, hardware wallet maker Ledger launched its controversial Ledger Recover service, in 2023. This paid, optional subscription service aims to offer users a secure seed backup solution for users.ย
However, community members have expressed privacy concerns, fearing that the service might grant the manufacturer access to sensitive information essential for fund transfers.
On the contrary, earlier this year, the DeRec Alliance disclosed plans to establish open standards for secure recovery through a decentralized approach, leveraging a protocol that shares secrets among designated entities without exposing private information.