Cryptocurrency Wallet Drained After Hotel Wi-Fi Hack: A Cautionary Tale of Public Network Risks

A cryptocurrency investor suffered a significant financial loss after his digital wallet was compromised during a family stay at a luxury hotel. The incident, which resulted in the theft of approximately $5,000 in assets, was traced back to a series of security missteps centered around the use of the hotel’s public Wi-Fi network.

The victim, who was using a Phantom wallet for daily transactions, connected his laptop to the hotel’s open Wi-Fi, which required only a captive portal for authentication. While browsing and performing routine tasks, including a token swap on the Jupiter Exchange platform, he was targeted by a hacker who had intercepted the network traffic.

The attack unfolded as a sophisticated man-in-the-middle exploit. Malicious code injected into a seemingly normal website altered a transaction process on Jupiter Exchange. Instead of a swap confirmation, the code presented a disguised wallet authorization request. The prompt used vague technical language like “authorize access” or “approve account permissions,” rather than showing a direct fund transfer, which led the user to approve it mistakenly. This authorization granted a malicious external address the ability to operate on the wallet.

The hacker, who had also reportedly eavesdropped on a nearby phone conversation about cryptocurrencies to identify the victim as a target, waited until after the victim checked out of the hotel to execute the theft. All Solana (SOL), other tokens, and NFTs within the compromised wallet were transferred out.

The victim identified several critical errors that led to the breach: connecting to an unsecured public Wi-Fi instead of using a personal mobile hotspot; discussing sensitive financial matters in a public setting, potentially alerting nearby malicious actors; and failing to meticulously verify the details of the wallet authorization request before approving it, based on a false assumption of its legitimacy.

Security experts emphasize that public Wi-Fi networks lack proper isolation between devices, making users vulnerable to interception and traffic manipulation. The case serves as a stark reminder for all digital asset holders to exercise extreme caution on public networks, scrutinize every wallet interaction regardless of context, and avoid revealing cryptocurrency affiliations in public spaces to mitigate risks of targeted attacks.
