PHANTOM SECURITY REPORT DRAFT
=================================
TO: security@phantom.app
SUBJECT: Compromised Wallet Report — Unauthorized USDC Withdrawal (Aug 18, 2025)

---

Hi Phantom Security Team,

I am writing to report an unauthorized transaction that occurred on my Phantom wallet on August 18, 2025. I did not authorize any of the outgoing transfers made that day.

--- INCIDENT DETAILS ---

Victim Wallet Address:
2iNeQTsYhenL4hHpEKxaXetpgyj8zbq5CKwSLS7UWmoK

Transaction Hash (unauthorized withdrawal):
3qtLnLgigXro9bfkWYhtseBgLMvdrLLAJTMXheBzTdvgAk8o9xgdcJuofGmBJWSRxMfsJn1Bhd7YsPcW4BW88T4A

Suspected Hacker Wallet Address:
AY5duLZdCivqgaDswsoohJAzb5xLS5E9WTXRYtNR5zBN

Amount Stolen: 1,495 USDC
Date/Time: August 18, 2025 at approximately 05:27-05:30 PM UTC

--- WHAT HAPPENED ---

On August 18, 2025, I received +1,495 USDC via DeFiTuna lending. Shortly after (within minutes), an unauthorized transfer of 1,495 USDC and 0.002039 SOL was made from my wallet to the above suspected hacker address. I did not initiate or authorize these transactions.

The likely attack vector: my wallet seed phrase was stored as a screenshot inside my email account, which had been compromised (Google issued multiple critical security alerts in July-August 2025). The attacker accessed my email, retrieved the seed phrase, imported my wallet, and drained the funds.

I have since secured my email account and will be creating a new Phantom wallet. I am also reporting this to the FBI IC3 (ic3.gov) for the record.

Best regards,
Melanie Elver
melanie.elver28@gmail.com