Users of Phantom, a Solana-based crypto wallet, are being targeted by phishing scammers who attempt to steal private keys through fraudulent update requests. The attackers use pop-ups mimicking legitimate Phantom notifications, tricking users into revealing their seed phrases and granting full access to their wallets.
How the Scam Works
On Feb. 6, Web3 security platform Scam Sniffer issued a warning on X (formerly Twitter) about a new wave of phishing attacks targeting Phantom users. The scam follows this pattern:
- Fake Update Notification – A fraudulent pop-up appears, urging users to approve an “update extension” request.
- Signature Request – If the user approves the update, a second prompt appears, asking them to enter their seed phrase.
- Wallet Drain – Once the seed phrase is entered, scammers gain full access to the wallet and immediately transfer funds and NFTs out.
The scam mimics Phantom’s interface, making it harder for unsuspecting users to recognize it as fraudulent.
How to Spot a Fake Phantom Wallet Pop-Up
Scam Sniffer has provided several ways to identify phishing attempts:
- Right-Click Test – Phishing sites block right-click actions, while real Phantom wallet pop-ups do not restrict user interactions.
- Check the URL – Genuine Phantom pop-ups will always show “chrome-extension” in the URL, whereas scam pages cannot replicate this.
- Browser Window Behavior – Phantom’s real pop-ups act like system windows—they can be minimized, maximized, and resized. Fake ones stay locked inside the browser tab.
Rising Popularity of Phantom and Increased Scams
The attack comes at a time when Phantom wallet usage is surging, fueled by the growing popularity of Solana-based memecoins. According to DeFiLlama, Phantom’s 24-hour revenue from fees recently hit $470,000, surpassing Coinbase Wallet. On Jan. 19, Phantom recorded an all-time high daily revenue of $3.6 million.
As of 2024, Phantom has surpassed 10 million monthly active users and processed over 850 million transactions. On Feb. 6, the platform expanded its multicurrency support to include 16 different currencies, further boosting adoption.
Phantom’s growth has also attracted institutional interest. On Jan. 17, the company secured $150 million in a Series C funding round, led by Sequoia Capital and Paradigm, valuing it at $3 billion.
How to Stay Safe from Phantom Wallet Phishing Attacks
To avoid falling victim to phishing scams, Phantom users should follow these security measures:
- Never Enter Your Seed Phrase – Phantom will never ask for your seed phrase, especially during updates.
- Manually Update Extensions – If an update is needed, go directly to the official Phantom website or the Chrome Web Store.
- Use a Hardware Wallet – Storing funds in a hardware wallet adds an extra layer of security against online scams.
- Verify URLs and Pop-Ups – Ensure that “chrome-extension” appears in the pop-up URL and check for browser window behaviors.
- Stay Informed – Follow official Phantom social media channels for updates and warnings about scams.
Conclusion
The fake update phishing attack targeting Phantom users highlights the increasing sophistication of crypto-related scams. As Phantom’s adoption continues to grow, scammers are finding new ways to exploit unsuspecting users.
By staying vigilant, verifying updates, and following security best practices, Phantom users can protect their funds and avoid falling victim to fraudulent schemes.
