Phantom Chat under scrutiny after $264K address poisoning loss

A built-in messaging diagnostic successful the Phantom crypto wallet is drafting scrutiny from information researchers aft an capitalist mislaid astir $264,000 worthy of Wrapped Bitcoin successful what investigators described arsenic a phishing onslaught enabled by code poisoning.

Blockchain researcher ZachXBT shared blockchain information pointing to a unfortunate losing 3.5 Wrapped Bitcoin (wBTC) successful a suspected phishing onslaught tied to Phantom Chat.

The information shows a transaction wherever 3.5 WBTC was transferred from code “0x85c” to code “0x4b7” connected Wednesday, flagged arsenic a “high balance” code connected blockchain quality level Nansen. The transaction signifier is accordant with address poisoning, a phishing method that exploits users’ transaction histories alternatively than compromising backstage keys.

Scammers instrumentality victims into sending crypto to illicit wallets by archetypal sending them tiny transactions and hoping unsuspecting users transcript and paste the attacker’s code from their history.

ZachXBT urged Phantom to upgrade its idiosyncratic interface, calling the messenger diagnostic a “new method for radical to get drained,“ and informing that the app’s idiosyncratic interface did not filter retired spam transactions to debar users falling unfortunate to code poisoning scams.

Wallet “0x85c,” transactions. Source: Nansen

X idiosyncratic Kill4h besides reported falling unfortunate to 2 code poisoning attacks done the messenger feature, sharing a screenshot of 2 blockchain transactions woorth $136 and $101 successful USDC (USDC), respectively.

Related: Fake MetaMask 2FA information checks lure users into sharing betterment phrases

The unfortunate incidental is the latest reminder of the value of crypto wallet idiosyncratic acquisition for the information of investors.

Leading crypto manufacture figures, including Binance co-founder Changpeng Zhao, person previously called for amended wallet information measures to debar phishing scams, aft an capitalist mislaid $50 cardinal successful an code poisoning scam successful December 2025.

“All wallets should simply cheque if a receiving code is simply a ‘poison address,’ and artifact the user. This is simply a blockchain query,“ wrote Zhao successful a blog post successful December, adding:

“Lastly, wallets should not adjacent show these spam transactions anywhere. If the worth of the tx is small, conscionable filter it out.“

To debar communal crypto scams, Phantom recommends that users presume immoderate unsolicited tokens oregon NFTs sent to their wallet are portion of a scam and urges users ne'er to click connected links successful paid Google hunt results oregon societal media platforms promising escaped airdrops.

Cointelegraph has reached retired to Phantom for remark connected the incidental and details connected aboriginal idiosyncratic interface upgrades.

Scammers are sending copycat tokens to unsuspecting investors. Source: Phantom

Phantom announced the motorboat of its unrecorded chat diagnostic crossed tokens, perpetual futures and predictions pages connected Dec. 23.

Related: TRM Labs completes $70M concern circular astatine $1B, becomes crypto unicorn

Crypto investors request amended onchain information practices: cybersecurity experts

While spam filtering from crypto applications tin trim the hazard of code poisoning attacks, users request to halt copying wallet addresses from their transaction history, urged information steadfast Hacken’s Extractor team.

“Web3 users person to support a azygous root of information for recipient addresses (Address Book / List).“

Hacken besides pointed to a 12.3 cardinal Ether (ETH) code poisoning onslaught suffered by a wallet linked to Galaxy Digital connected Jan. 30, serving arsenic a reminder that adjacent organization participants tin autumn unfortunate to these scams.

While improved transaction practices tin assistance debar these scams, the crypto manufacture needs pre-emptive information alerts to eradicate poisoning attacks, Deddy Lavid, the CEO of blockchain cybersecurity institution Cyvers, told Cointelegraph:

“Real extortion requires pre-transaction hazard checks, code similarity detection, and wide warnings earlier users sign.“

Users whitethorn besides opt for wallets that supply real-time “firewall-style information simulation“ that shows however a transaction would hap earlier executed, explained the CEO.

Wallets that connection preemptive tools to filter for malicious transactions up of support see the Rabby Wallet, Zengo Wallet and Phantom Wallet.

Magazine: Meet the onchain crypto detectives warring transgression amended than the cops