The blockchain security team Scam Sniffer issued a warning that phishing attackers are targeting users of the Solana wallet Phantom, using fake update pop-up windows in an attempt to steal private keys. Once users enter their seed phrase, their wallet assets may be fully controlled and stolen.
🚨 UPDATE: Sophisticated Seed Phrase Phishing Tactic!
Scammers now connect to REAL Phantom wallets first, then trick users with a fake "update extension" signature request. After approval, a FAKE modal appears demanding seed phrases.
⚠️ REMEMBER: NEVER enter seed phrases… https://t.co/Nvq3qxySa0 pic.twitter.com/aYwJgGNsqB
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) February 6, 2025
Table of Contents
ToggleFake update window becomes phishing attack tactic
Recently, phishing attackers have started targeting Phantom wallet users, using forged update signature requests to defraud investors. Scam Sniffer pointed out in yesterday's warning that these scammers can connect to users' Phantom wallets and pop up a fake signature window requesting users to perform an "Update Extension".
If users click to approve, a prompt demanding the input of the seed phrase will then appear. Once entered, the scammers can fully control the wallet assets and quickly transfer the funds.
Scam tactic analysis and prevention
This type of scam tactic is not new. At the end of January, Scam Sniffer had warned Phantom users that some malicious websites mimic the Phantom interface to lure users into entering their wallet's seed phrase on fake links.
The team suggests that users identify fake pop-ups in the following ways:
- Try right-clicking: Phishing sites often block the right-click function, while real Phantom wallet pop-ups do not.
- Check the URL: The real Phantom browser extension will display "chrome-extension", which phishing sites cannot imitate.
- Confirm window resizability: Real Phantom pop-ups can be resized, while phishing windows are locked within the browser tab and cannot be freely adjusted.
Phantom user count and transaction volume surge, become attack targets
With the influx of meme coin hype in the Solana ecosystem, the usage of the Phantom wallet has surged significantly, making it a prime target for hackers.
defillama data shows that Phantom's 24-hour transaction fee revenue is close to $470,000, surpassing Coinbase Wallet and MetaMask. On January 19th, its single-day revenue even reached a historic high of $3.6 million.
Currently, Phantom has over 10 million monthly active users and has accumulated over 850 million transactions.
In addition to business growth, Phantom has also performed well in the capital market. A few weeks ago, Phantom announced that it had raised $150 million in its Series C funding round, led by Sequoia Capital and Paradigm, with a valuation of $3 billion.
(Solana: Phantom announces $150 million investment from Sequoia and Paradigm)
How to protect Phantom wallet assets?
Finally, for Phantom wallet users, Scam Sniffer also recommends the following security measures:
- Avoid clicking on unknown update requests, as Phantom wallet updates are only released through official channels.
- Do not enter the seed phrase in suspicious windows, as Phantom official will never ask users to provide their private keys.
- Store major funds in a cold wallet to increase security.
- Install anti-fraud tools that can proactively block phishing sites.
As the Phantom wallet becomes a core infrastructure of the Solana ecosystem, the surge in its user count and transaction volume has also made it a prime target for scammers. This phishing attack shows that hackers are constantly innovating their scam tactics, and users need to be more vigilant and maintain basic security habits to prevent asset theft.
Risk Warning
Cryptocurrency investment is highly risky, and its price may fluctuate dramatically. You may lose your entire principal. Please carefully evaluate the risks.
