Crypto scammers are targeting Phantom wallet users with fake pop-ups designed to steal their private keys.
These fraudulent messages look like official update requests, which trick users into handing over sensitive information.
In a February 6 post on X, Scam Sniffer, a Web3 scam detection platform, warned that attackers were connecting to real Phantom wallets and displaying fake “update extension” requests.
Did you know?
Subscribe - We publish new crypto explainer videos every week!
How do Cryptocurrency Exchanges Work? (Easily Explained!)
If a user approved the request, another prompt appeared, asking for their recovery phrase. Entering this phrase would give scammers full control of the wallet, which allows them to drain its funds.
To help users spot scams, Scam Sniffer suggested right-clicking on links before clicking. Fraudulent websites often disable right-clicking, while real Phantom pop-ups do not. Another key tip is checking the URL—legitimate Phantom pop-ups include “chrome-extension” in the address.
There are also differences in how the pop-ups behave. “Phantom’s pop-ups act like system windows: you can minimize, maximize, and resize them,” Scam Sniffer explained. Fake ones, however, remain fixed inside the browser tab, which makes them easy to recognize.
This was not the first warning. On January 31, Scam Sniffer reported that some malicious websites had been displaying pop-ups designed to mimic Phantom’s interface. These fake prompts asked users to enter their seed phrase, pretending it was needed for a connection request.
Meanwhile, Kaspersky Labs recently discovered malware hidden inside app development kits, targeting both Android and iOS users. What is it? Read the full story.
