Cryptocurrency Scammers Targeting Phantom Wallet Users with Malicious Pop-ups
Phishing scammers are using deceptive tactics to target Phantom Wallet users, attempting to steal their funds through fake update requests.
Reports from Web3 security firm Scam Sniffer reveal that scammers are employing a new method to exploit Phantom Wallet users. By displaying deceptive pop-ups that resemble genuine update requests, scammers trick users into approving fake “update extension” requests. Subsequently, users are prompted to enter their seed phrases, providing scammers with unrestricted access to their funds.
As a precautionary measure, Scam Sniffer advises users to never disclose their seed phrases and to only update extensions through the official web store available on the Chrome browser.
Identifying Fake Pop-ups
Previously, malicious pop-ups were primarily found on fake websites imitating the Phantom interface. However, scammers have evolved their tactics by now connecting to real Phantom wallets, making their fraudulent attacks appear more legitimate. One way to distinguish these fake pop-ups is by observing their behavior – real Phantom wallet pop-ups can be minimized, maximized, and resized like system windows, whereas fake ones are confined within the browser tab.
Additionally, users can try right-clicking the link to test its authenticity. Phishing pages often disable this function to prevent users from inspecting URLs, while genuine Phantom pop-ups will not restrict this action.
Furthermore, users should verify the URL displayed in the pop-up, as legitimate Phantom extension pop-ups will show a Chrome extension:// prefix that phishing websites cannot replicate.
Recent Challenges for Phantom Users
Aside from phishing threats, Phantom users recently encountered difficulties following a critical bug introduced in an iOS update. This bug resulted in wallet resets and locked users out, necessitating the re-entry of their recovery phrases. While the issue was subsequently resolved, concerns were raised regarding the potential risks associated with unforeseen disruptions in non-custodial wallets.
Established in 2021 as a wallet on Solana, Phantom has since expanded its support to other blockchain networks, including Ethereum layer 2 Base and the Sui layer 1 network in recent months.
Last month, the company secured $150 million in a Series C funding round, with backing from prominent venture capital firms such as Sequoia Capital, Paradigm, and a16z Crypto.