Phantom has released a new update for its Google Chrome Extension in order to protect Solana’s community and make trading more secure for its users.
The ‘auto-approve’ toggle, which was enabling scammers to approve multiple transactions at once and drain user wallets, has been finally removed.
More information is also being displayed regarding the transaction before it is approved.
According to Phantom, malicious actors used to host a copy-cat NFT drop at a domain that is spelled similarly to the original but instead of minting an NFT, will drain the user’s wallet of all its funds.
The fraudsters were pretending to be support representatives in a Discord or Telegram channel and persuading users to copy their ‘secret recovery phrase’ into a form, so that they have access to all of the accounts, and all assets.
Scammers were also faking wallet applications, perhaps named similarly to a popular one (such as Phantom), and take all of the user’s assets once they had ‘restored’ the wallet.
In the coming weeks, Phantom plans to roll out even more robust security features, such as blocking websites that are considered malicious and redirect users to a warning page.
Last week, Solana NFT enthusiasts were left gobsmacked after a supposed 17-year-old digital artist allegedly took 1,000 SOL in a fake NFT project.
Iconics had promised to produce 8,000 NFTs in the form of randomised 3D artworks of busts with a range of attributes. The project was due to launch on September 30, with 2,000 NFTs available for 0.5 SOL to those who had early access via a presale.
However, during the last few months, the Solana ecosystem has seen tremendous growth. The total value locked in DeFi protocols has climbed to $10 billion, the market capitalisation of NFTs has reached $1 billion, and of course, Phantom has far surpassed half a million weekly active users.
Crypto to be more and more resilient – Kalani
Coin Rivet spoke with Chris Kalani, CPO and co-founder at Phantom about scams and hacks within the crypto sector.
Kalani confirmed crypto was still a very nascent industry and much of it is still evolving.
“Developers are working incredibly hard to fix these bugs in the system as they happen and are deploying updates at a very rapid speed to address security vulnerabilities,” he said.
“We think that these events come naturally as more people are entering the space and engaging with all of the technology. Over time, crypto will become more and more resilient.”
According to Kalani, the best way for the users to protect themselves from phishing attacks is DYOR – making sure you do your own research before aping into different projects.
“Users should also be wary of messages on widely-used apps like Telegram, Twitter, Discord,” he added.
Talking about Phantom wallet specifics, Kalani stressed that most wallets show users very basic and often very technical information about a transaction before they sign it.
“With Phantom, each transaction is run through a simulation to see what changes will be made to your wallet balance before you actually approve the transaction,” he explained.
“We then display the expected outcome of the transaction in a way that is easy for everyone to understand.
Users should know what is about to happen to their money before they click a button.
“We believe this update will go a long way toward making crypto safer and less scary for the average user.”
Phantom will also be retiring Discord and Twitter as support channels.
From now on, its 500k+ weekly active users will be able to access a dedicated help Centre, which is where the project recommends being the only channel to engage Phantom support.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.