Here Is Why You Should Never Use Crypto Wallet With Public Wi-Fi

Cover image via u.today Read U.TODAY on Google News Crypto wallet user says his Phantom was hijacked via hotel Wi-Fi Community raises questions Advertisement Cryptocurrency trader who goes by The Smart Ape has shared with his 66,700 followers the story of how his wallet was drained thanks to a single approval on Solana's Jupiter DEX. Meanwhile, some of the story's details left the crypto community confused. Crypto wallet user says his Phantom was hijacked via hotel Wi-Fi In the recent holiday week, cryptocurrency and NFT investor The Smart Ape had his Solana Phantom wallet drained for $5,000, he shared in an X article with his 66,000+ followers. He suspects a hotel Wi-Fi flaw to be the attack vector that made the theft possible. Image via X According to the post, the investor was spending the holiday in a premium hotel and utilized the venue's public Wi-Fi network only protected by a captive page, with no passwords. HOT Stories Crypto Market Review: Will Bitcoin Hold $90,000 Over the Weekend? Don't Write XRP off Here, Ethereum (ETH) $3,000+ Surge Plausible BNY Taps Ripple Prime to Pioneer Programmable Cash for Big Investors Morning Crypto Report: XRP Risks Becoming $2 Stablecoin, Coinbase Reveals 4 Proofs of Crypto Reset, '$10,000 Zcash' Advocate Ends Speculation on ZEC Developers' Scandal Ripple-Backed Evernorth to Expand XRPL Adoption Then, he had a call with a friend about Bitcoin (BTC) and general market conditions, which he suspects was overheard by a malefactor. The victim even leaked the fact that he was actively using a Phantom wallet. After that, while browsing the internet, he opened a website with malicious code. Advertisement While swapping assets on Jupiter, a top-tier Solana DEX, the trader was asked to approve the operation with his Phantom wallet. The nature of the approval seemed to be regular, while vague: I didn’t sign a transaction that moved my funds that day, I signed something that granted permission. That’s why the drain happened a few days later. The malicious code didn’t ask me to send SOL, that would have been too obvious. Instead, it asked me to “Authorize access,” “Approve account,” or “Confirm session.” As a result, the victim provided access to his wallet to a third party with full approval to act on his behalf. In a couple of days, the attackers moved all available funds. Community raises questions Thanks to the fact that the wallet was not the main storage of The Smart Ape, the losses only total $5,000 in equivalent. To prevent what he describes as a "man-in-the-middle" attack, the investor recommends all his followers to avoid discussing cryptocurrency involvement in public places and to use a mobile phone as a hotspot instead of public Wi-Fi networks. Advertisement Meanwhile, some followers are sure that this design of attack is impossible. To make it work, they said, the hotel network should use HTTP connection without encryption. The entire story looks like engagement farming to some skeptics, while others think that the funds might have been stolen in another way. Also, many observers noticed that no VPN was used while working with crypto. You Might Also Like Fri, 12/26/2025 - 12:53 Multimillion TrustWallet Hack: Here's What Is Known So Far By Vladislav Sopov As covered by U.Today previously, as a result of the December Trust Wallet incident, $7 million was stolen due to malicious code injected into a legitimate Chrome browser plugin.