A new wave of phishing attacks has emerged, specifically targeting users of Phantom Wallet through deceptive fake update pop-ups.
According to Scam Sniffer, a Web3 anti-scam organization, scammers are exploiting real Phantom wallets by using fake “update extension” signature requests.
Once a user approves the malicious request, they are prompted with a follow-up message asking for their seed phrase.
If the seed phrase is entered, the scammers gain full control of the wallet, enabling them to steal all assets within.
Scam Sniffer Alerts the Community to Protect Against Phishing
Scam Sniffer has issued an urgent warning on the X platform, advising Phantom Wallet users to be vigilant against these new phishing techniques.
The organization clarified that Phantom will never ask users for their seed phrase, stressing that such a request should always be considered suspicious.
The scam works by tricking users into interacting with fake pop-ups that resemble legitimate Phantom update requests.
After the user engages with the fraudulent prompt, a deceptive modal window appears, asking for their seed phrase.
Scam Sniffer reinforced the critical rule of wallet security: users should never enter their seed phrase on any website, as Phantom will never request it for wallet connections.
Also Read: Despite Rise in Account Compromises, Crypto Hacking Losses Fall to $98M in January: Report
How to Identify Fake Phantom Wallet Pop-Ups
To help users identify and avoid falling victim to these phishing attacks, Scam Sniffer provided several strategies for distinguishing legitimate requests from fraudulent ones.
One useful technique is the right-click test—malicious websites often disable the right-click function, while genuine Phantom pop-ups will not.
Another key indicator is the URL structure: legitimate Phantom update prompts will display a “chrome-extension://…” prefix, which cannot be replicated by standard websites.
Users are advised to immediately close any suspicious tabs and refrain from interacting with unknown pop-ups, as these scams are designed to steal private wallet credentials.
Escalating Phishing Threats in the Web3 Ecosystem
The Phantom Wallet scam is part of a growing trend of sophisticated phishing attacks targeting cryptocurrency wallets in the Web3 ecosystem.
As decentralized finance (DeFi) platforms become more popular and crypto adoption continues to rise, cybercriminals are becoming more adept at using social engineering tactics to exploit unsuspecting users.
Experts urge crypto users to remain vigilant, always double-check URLs, avoid engaging with unexpected pop-ups, and rely on official channels for wallet updates.
Strengthening awareness around security practices is essential in safeguarding digital assets and protecting against phishing scams and other fraudulent activities within the cryptocurrency and DeFi space.
Recent Industry Hacks and Security Concerns
The phishing attack targeting Phantom Wallet is not an isolated incident, as the cryptocurrency industry has seen several high-profile hacks in recent weeks.
For example, Xeggex, a cryptocurrency exchange, locked down user wallets after the CEO’s account was compromised, causing widespread panic among users.
Similarly, JupiterDAO recovered its official X account following a hack, launching a security audit to prevent future breaches.
In another case, Canadian citizen Andean Medjedovic is facing charges for allegedly exploiting vulnerabilities in decentralized exchanges, stealing $65 million in DeFi assets.
These incidents serve as a stark reminder of the ongoing security challenges in the crypto industry and the importance of staying vigilant against evolving cyber threats.