Cryptocurrency scammers are targeting Phantom Wallet users via malicious pop-ups that look like genuine update requests.
According to Web3 security firm Scam Sniffer, phishing scammers are using a new tactic to drain Phantom Wallets by tricking users into signing fake “update extension” requests. Once approved, the pop-up prompts them to enter their seed phrase, which, if provided, gives scammers full access to their funds.
Scam Sniffer advised users never to disclose their seed phrases and only update extensions via the web store available on the Chrome browser.
Previously, such popups were limited to malicious websites mimicking Phantom’s interface. Now, scammers are connecting to real Phantom wallets, making their attacks look even more convincing.
One way to spot these fake pop-ups is by checking how the window behaves. Real Phantom wallet pop-ups act like system windows that can be minimized, maximized, and resized. Fake ones, however, are stuck inside the browser tab.
Another trick is to try right-clicking the link, as phishing pages typically disable this function to stop users from inspecting URLs, while real Phantom pop-ups won’t restrict it.
Users should also check the URL as genuine Phantom extension pop-ups will display a Chrome extension:// prefix, which phishing websites can’t fake.
Phantom users have recently faced more than just phishing threats. A recent iOS update introduced a critical bug that reset wallets and locked users out, forcing them to re-enter their recovery phrases. While the issue was later patched, some users who lost access to their funds raised concerns over the risks of unexpected disruptions in non-custodial wallets.
Launched in 2021 as a wallet on Solana, Phantom has since expanded to other chains like Ethereum layer 2 Base and layer 1 network Sui over the past months.
Last month, the firm raised $150 million in a Series C round backed by venture capital giants, including Sequoia Capital, Paradigm, and a16z Crypto.
Read the full article here