Phantom Wallet has launched "Phantom Chat," an integrated messaging feature designed to transform the wallet into a comprehensive Web3 engagement platform. The feature allows users to communicate, share wallet addresses, and discuss transactions directly within the wallet interface, aiming to streamline coordination for DeFi, NFT trading, and on-chain interactions. Phantom emphasizes that the feature is encrypted and requires user opt-in, and that messaging is kept separate from transaction authorization.
However, the launch has been marred by a significant security incident. Blockchain investigator ZachXBT revealed that an investor lost approximately $264,000 worth of Wrapped Bitcoin (wBTC) in a phishing attack enabled through Phantom Chat. The scam used address poisoning, in which attackers send small transactions to a victim's wallet in the hope that the victim will later copy the attacker's address from their transaction history when making a legitimate payment.
ZachXBT criticized Phantom's user interface, calling the messenger a "new method for people to get drained" and urging the wallet to filter out spam transactions to prevent such scams. Another user, Kill4h, reported losing $237 in two separate address poisoning attacks via the feature.
The incident has sparked broader calls for enhanced wallet security. Binance co-founder Changpeng Zhao previously advocated for wallets to automatically check whether a receiving address is a known "poison address" and block the transaction, and to stop displaying low-value spam transactions. Security firms such as Hacken and Cyvers emphasize the need for pre-transaction risk checks, address similarity detection, and clear warnings.
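A minimal sketch of two of the safeguards named above, hiding inbound dust transfers from the history view and checking a recipient for similarity to previously used addresses before sending. This is an added example, not Phantom's or any vendor's code; the function names, thresholds, and hex-style addresses are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed thresholds (not from any wallet): characters a user tends to
# eyeball at each end of an address, and the USD value treated as dust.
PREFIX_LEN, SUFFIX_LEN, DUST_USD = 4, 4, 0.01

@dataclass(frozen=True)
class Transfer:
    counterparty: str   # the other party's address
    usd_value: float
    inbound: bool       # True if the wallet received it

def _body(addr):
    """Normalise a hex-style address (assumption: case-insensitive, optional 0x)."""
    a = addr.lower()
    return a[2:] if a.startswith("0x") else a

def looks_like(candidate, known):
    """True when both ends match a known address but the full address differs."""
    c, k = _body(candidate), _body(known)
    return c != k and c[:PREFIX_LEN] == k[:PREFIX_LEN] and c[-SUFFIX_LEN:] == k[-SUFFIX_LEN:]

def visible_history(history):
    """Hide inbound dust so a poisoned address is never offered for copying."""
    return [t for t in history if not (t.inbound and t.usd_value < DUST_USD)]

def pre_send_check(recipient, history):
    """Return (verdict, matched_address) before a send is authorised."""
    # Only addresses the user has actually paid count as trusted.
    trusted = sorted({t.counterparty for t in history if not t.inbound})
    if any(_body(recipient) == _body(k) for k in trusted):
        return ("ok", None)
    for k in trusted:
        if looks_like(recipient, k):
            return ("block", k)      # lookalike of a real payee
    return ("warn_new", None)        # never paid before: show a clear warning

# Constructed sample data: one real payee, one lookalike that sent dust.
LEGIT = "0xa1b2" + "c" * 32 + "9f3e"
POISON = "0xA1B2" + "d" * 32 + "9F3E"
OTHER = "0x" + "7" * 40
HISTORY = [
    Transfer(LEGIT, 5000.0, inbound=False),
    Transfer(POISON, 0.0, inbound=True),
    Transfer(OTHER, 120.0, inbound=True),
]

if __name__ == "__main__":
    print(pre_send_check(POISON, HISTORY))
    print([t.counterparty for t in visible_history(HISTORY)])
```

Chains with case-sensitive address encodings would need a different normalisation step than the lowercasing assumed here.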
This event highlights a critical challenge for Web3 developers: balancing innovative product features that enhance user experience with rigorous security standards. As wallets evolve into multi-functional financial applications, their expanded capabilities must be accompanied by robust safeguards to maintain user trust in an ecosystem where phishing and social engineering remain prevalent threats.