Scammers Target Phantom Wallet Users with Fake Update Pop-Ups in Phishing Attack

Phishing attackers are targeting users of the Solana-based Phantom wallet through deceptive pop-ups that mimic legitimate update requests. These fraudulent prompts aim to steal private keys and drain cryptocurrency holdings from unsuspecting victims.

On February 6, Web3 scam detection platform Scam Sniffer issued a warning on X (formerly Twitter), alerting the crypto community to a new wave of Phantom Wallet phishing scams. The attackers connect to real Phantom wallets and trick users with a fake “update extension” signature request.

If the victim approves the request, a second prompt appears, asking them to enter their seed phrase—a critical security code that grants full access to the wallet. Once entered, scammers can take complete control and drain the wallet’s funds within seconds.

A Growing Threat to Phantom Wallet Users

The Phantom Wallet phishing scam has been evolving in recent weeks. In late January, Scam Sniffer warned that malicious websites were imitating Phantom’s interface to deceive users. These fraudulent sites displayed pop-ups prompting users to enter their seed phrase under the guise of a connection request.

This method, known as social engineering, preys on users’ trust and familiarity with the Phantom Wallet interface. It’s a highly effective tactic because it exploits human behavior rather than technical vulnerabilities.

According to blockchain security firm CertiK, phishing attacks are one of the leading causes of crypto wallet breaches. In January alone, phishing scams accounted for millions in stolen funds across multiple Web3 platforms.

How to Spot a Phantom Wallet Phishing Scam

To help users protect their assets, Scam Sniffer shared key warning signs to identify fake Phantom wallet pop-ups:

Right-Click Test

Legitimate Phantom wallet windows allow right-clicking, whereas phishing pages often disable this function. If right-clicking is blocked, it’s likely a scam.

URL Inspection

Genuine Phantom pop-ups display “chrome-extension” in the URL—something fake scam pages cannot mimic. Always check the browser bar before interacting with pop-ups.

Window Behavior

Phantom’s real pop-ups act like system windows—they can be minimized, maximized, and resized. Fake ones are trapped inside the browser tab, making them easy to spot.

Transaction Previews

Phantom wallets include security features like Blowfish-powered transaction previews, which warn users about potential phishing risks. These alerts can prevent scams before they happen.

Phantom Wallet’s Growing Popularity Attracts Hackers

Phantom wallet’s increasing adoption has made it a prime target for cybercriminals. The wallet’s 24-hour revenue from fees has averaged $470,000 per day, surpassing Coinbase Wallet, according to DeFiLlama.

On January 19, Phantom’s daily revenue hit an all-time high of $3.6 million, driven by the rising popularity of Solana-based memecoins and decentralized applications.

With over 10 million monthly active users and 850 million total transactions recorded in 2024, Phantom has become one of the most widely used crypto wallets. Its Series C funding round, led by Sequoia Capital and Paradigm, raised $150 million, valuing the company at $3 billion.

This rapid growth has not gone unnoticed by scammers, who see Phantom’s large user base as a goldmine for phishing attacks.

How to Stay Safe from the Phantom Wallet Phishing Scam

Phantom has been proactive in enhancing security and educating users on best practices. Here’s what you can do to protect yourself:

Never Share Your Seed Phrase

Your seed phrase is the key to your crypto wallet. No legitimate update or platform will ever ask for it. If a pop-up requests it, it’s a scam.

Verify the Source Before Signing

Always double-check the URL and verify that you’re on the official Phantom Wallet platform before approving any transactions.

Enable Security Features

Phantom has built-in protections like transaction previews and phishing detection tools. Ensure these are enabled in your wallet settings.

Use a Hardware Wallet

For added security, consider storing your assets in a hardware wallet rather than keeping them in a hot wallet connected to the internet.

Report Suspicious Activity

If you encounter a Phantom Wallet phishing scam, report it immediately via Phantom’s official help center. (help.phantom.app)

Crypto Security Experts Weigh In

Richard Ma, CEO of Quantstamp, a blockchain security firm, emphasized the importance of user awareness:

“Crypto phishing scams are getting more sophisticated. Users need to be cautious and verify every transaction before signing. Never enter your seed phrase into a pop-up or website—your funds could be gone instantly.”

Meanwhile, Scam Sniffer’s security team warned that phishing attacks will continue to evolve:

“Attackers are always finding new ways to bypass security measures. It’s crucial to stay informed and use every available security tool to protect your assets.”

The Phantom Wallet phishing scam is the latest example of how cybercriminals are targeting crypto users with deceptive tactics. By posing as legitimate update requests, these phishing attacks trick users into revealing their seed phrases, giving hackers full control over their funds.

As Phantom Wallet continues to grow, so does the threat of phishing scams and social engineering attacks. Staying vigilant, using security best practices, and verifying every transaction can help users avoid falling victim to these schemes.

Get more from The Bit Gazette