- Trending
- Comments
- Latest
On-chain investigator ZachXBT criticized Phantom’s plans to launch an in-wallet chat feature, arguing the crypto wallet should prioritize fixing security vulnerabilities after a user lost 3.5 wrapped Bitcoin (worth approximately $150,000) by copying a spoofed address from their transaction history.
ZachXBT’s criticism centers on address poisoning, a scam technique that manipulates transaction histories to trick users into sending funds to fraudulent addresses. Responding directly to Phantom’s announcement about Phantom Chat, the investigator said the wallet still fails to adequately filter spam transactions, creating conditions for costly mistakes.
“A victim lost 3.5 WBTC last week since your UI still does not filter out spam txns users so they accidentally copied the wrong address from recent transactions since the first characters looked similar,” — ZachXBT, on-chain investigator, wrote on X.
The theft occurred last week, according to ZachXBT, and involved a spoofed address that appeared legitimate at a glance. The investigator also publicly identified the wallet address and transaction hash associated with the incident, highlighting how quickly attackers can exploit interface weaknesses. In his view, rolling out Phantom Chat without first addressing these issues could widen the attack surface for bad actors.
Address poisoning works by taking advantage of how users interact with wallet histories. According to wallet provider MetaMask, attackers send victims token transfers worth little or nothing, purely to insert deceptive “vanity addresses” into transaction records. These addresses are engineered to resemble real ones by matching the first and last characters.
Because most users do not memorize full wallet addresses, they often rely on partial visual checks. On major blockchains, Bitcoin addresses typically contain between 26 and 35 characters, while Ethereum-style addresses run to 42 characters. A quick glance at the beginning and end of an address can be enough to fool even experienced users.
MetaMask has likened the practice to traditional phishing, where criminals clone the look of trusted institutions to steal banking credentials. In crypto, however, the address itself becomes the disguise. ZachXBT emphasized that this behavior is more common than many assume, especially when users prioritize speed and convenience.
“Convenience (thefts happen way more frequently than you’d expect),” — ZachXBT replied after an X user questioned why anyone would copy old transaction addresses.
Critics argue that adding Phantom Chat could amplify these risks by giving scammers a direct communication channel inside wallets, making impersonation and social engineering easier.
Phantom has previously experimented with in-wallet communication. In December, it tested live chat features through a prediction markets partnership with Kalshi. While the company has framed Phantom Chat as a way to improve user engagement, security researchers warn that messaging tools can be abused to send malicious links or impersonate trusted contacts.
Some users say the warnings resonate with their own experiences. Reacting to ZachXBT’s findings, one X user described how a personal contact may have fallen victim to a wallet-related scam.
“Honestly, my exGF downloaded Phantom when Elon mentioned the companions I sent her like 200 bucks worth of Ani, and she said she got scammed because it went to zero … I assumed she clicked the wrong button somehow but never put the pieces together until now,” — an X user wrote.
Such anecdotes have fueled skepticism about whether Phantom Chat can be safely deployed without stronger safeguards. Critics argue that social features blur the line between wallets and social platforms, increasing the likelihood of manipulation.
Concerns around Phantom Chat come against a backdrop of escalating wallet-related scams across the crypto industry. Last December, a Solana user identified as Jack reported losing $9,000 after interacting with a fraudulent promotion. According to his account, the incident began with an Instagram advertisement promising fast returns, which redirected him to a fake website.
After approving what appeared to be a legitimate transfer, Jack’s wallet was drained by malicious code known as “SkyDrainer.” The site disappeared shortly afterward. Subsequent investigation linked the scam to underground forums advertising wallet drainers as a service, complete with hosting and cloaking tools.
Data from blockchain security firm Scam Sniffer shows that address poisoning and signature phishing were the largest sources of wallet-related losses in January. In one documented case, a single victim lost $12.2 million after copying a poisoned address.
As Phantom prepares to roll out Phantom Chat, ZachXBT and other observers say the focus should remain on mitigating these existing threats. Without stronger protections, they warn, new features could unintentionally make wallets more dangerous rather than more user-friendly.
