Web3 security experts at Scam Sniffer have discovered a new phishing scheme targeting Phantom Wallet users. Scammers distribute fake notifications about the need to update the extension. If the user agrees, the pop-up asks for the seed phrase, which allows the attackers to steal all of the funds.
Scam Sniffer recommends that users never disclose seed phrases and only download updates through the official Chrome extension store.
Previously, such attacks were limited to fake websites that copied the Phantom interface. However, now scammers are finding ways to interact with real wallets, making their fake requests more convincing.
You can recognize fake pop-ups by their behavior. Genuine Phantom Wallet windows behave like system elements – they can be minimized, maximized, and resized. Fake windows remain within the browser tab and cannot be resized.
Another way to spot a fake is to try right-clicking on a link. Phishing sites often disable this feature to prevent users from checking the URL. Genuine Phantom pop-ups do not have such restrictions.
However, phishing is not the only problem for Phantom Wallet users. A recent iOS update caused a critical crash that reset wallets, locked users out, and forced them to re-enter their seed phrases. Although the bug has been fixed, the incident has raised concerns about the risk of unexpected crashes in non-custodial wallets.
Phantom launched in 2021 as a wallet for Solana, but has since expanded support to Ethereum layer 2 Base and the Sui network.
Last month, the company raised $150 million in a Series C funding round with participation from major venture capitalists, including Sequoia Capital, Paradigm, and a16z Crypto.