Phishing scammers targeting users of Phantom wallets with fake update alerts

Phishing scammers are targeting Phantom wallet users by attempting to gain access to their wallets’ private keys through fake pop-ups that spoof legitimate updates requests. 

A warning has been issued by the scam detection platform Scam Sniffer. In a Feb. 6 post on the social media platform X, Scam Sniffer said that cyber criminals were connecting to legitimate Phantom wallets and attempting to trick users to expose their private keys with a fake “update extension” signature request. 

Phantom wallet becoming a target for scammers as popularity surges

A potential reason Phantom wallet users are being targeted by scammers could be because the application has observed rapid user adoption recently, particularly in the expanding Solana meme coin market. 

According to DeFiLlama, Phantom’s revenue from transaction fees has been over $470,000 in the last 24 hours, exceeding Coinbase Wallet. This is after the daily revenue for Phantom peaked at $3.6 million on Jan. 19.

Additionally, the Solana-based crypto wallet currently boasts more than 10 million monthly active users and processed more than 850 million transactions in 2024 alone. Phantom just added multi currency support for 16 different currencies as well, and raised $150 million in a Series C investment round headed by Sequoia Capital and Paradigm, valuing the firm at $3 billion, according to a Jan. 17 announcement by the wallet’s team.

Crypto holders lose $10.25 million to phishing attacks in January

Scam Sniffer’s warning around phishing attacks targeting Phantom wallet users follows a Feb. 4 X thread posted by the platform that revealed 9,220 victims lost $10.25 million to phishing attacks in January. This was a 56% drop from the $23.58 million that was lost through this type of attack in December 2024.

🚨 ScamSniffer January 2025 Phishing Report
9,220 victims lost $10.25M to crypto phishing scams last month, a 56% drop from December 2024 ($23.58M).

While losses fell, malware threats surged—though this report covers only wallet-draining phishing signatures. 🧵 [1/6] pic.twitter.com/DW00yPdBTo

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) February 4, 2025

The platform said that Ethereum (ETH) investors were hit the hardest, with holders of the leading altcoin losing more than $8.6 million in January, accounting for approximately 80% of the funds that were stolen. The rest of the crypto that was stolen was from other blockchains including BNB Chain, Arbitrum, Polygon and Optimism. 

Earlier in the year, on Jan. 31, Scam Sniffer took to X to warn investors about about the fake Phantom wallet popups. It urged users to never enter their recovery phrase on any website. It also said that investors can take steps to identify potential scam websites when in doubt.

Some of the preventative actions mentioned by Scam Sniffer is to try and right-click on a website, because scam websites remove the ability for visitors to right-click. Another step users can take is to verify the URL. In the case of Phantom wallet, native popups for the application start with “chrome-extension://…”

Cryptopolitan Academy: Are You Making These Web3 Resume Mistakes? - Find Out Here