Reading Time: 2 minutes
- Scammers are targeting Phantom wallet users with a fake update extension
- The extension pops up on the original Phantom application
- Interacting with the fake update extension allows the scammers to drain funds
Scammers have found a way to target real Solana-based Phantom wallet users with a fake update extension meant to drain funds from the wallet. Interacting with the extension leads to a signature request and later a window prompting wallet users to provide their seed phrases to allow the malicious actors full access to the wallet. Crypto anti-scam platform Scam Sniffer advised the wallet’s users to stop interacting with the update if they’re unsure whether the update request is genuine, which may reduce the amount stolen and the number of victims.
The “Right-Click Test”
Scam Sniffer provided a few pointers on how to detect fake extensions or scamming attempts. One of them is the “right-click test.” According to the anti-scam platform,“ phishing pages block right-clicking [but] real Phantom windows” allow it.
2/3 🔍 How to Spot Fake Popups:
1️⃣ Right-click test: Phishing pages block right-clicking. Real Phantom windows won’t restrict this.
2️⃣ Check the URL: Phantom’s native popup shows chrome-extension://… (web pages can’t fake this!).👉 If unsure, CLOSE the tab immediately! pic.twitter.com/3BHSvISWwb
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 31, 2025
The second way is to check whether the popup’s URL starts with “chrome-extension://” which is only found on genuine windows. Scam Sniffer said that “web pages can’t fake this” feature. Another thing that can help detect a fake Phantom update is the inability to minimize the popup.
A genuine popup allows resizing, unlike a fake window. Scam Sniffer disclosed that fake extensions “are trapped inside the browser tab.” The firm added that Phantom wallet users should take security seriously and never take entering “seed phrases lightly.”
It’s Not the Only Trick
Scam Sniffer said that scammers are likely to nab new crypto users with this trick. Others who commented on the alert acknowledged that fraudsters are “constantly refining their tactics to become more sophisticated.”
Fraudsters and scammers are constantly refining their tactics to become more sophisticated every day. Thanks for this @realScamSniffer
— monkeyast.eth (@0xMonkeyAst) February 6, 2025
The fake update extension’s trick comes a month after Kaspersky discovered that crypto scammers are sharing their wallets’ seed phases on public platforms to bait victims. It also comes two months after malicious actors were caught using Telegram verification bots to steal crypto.
With scammers continuously inventing new tactics, the amount stolen and the number of victims is likely to increase in 2025.
