According to PANews, phishing scammers are targeting users of the Solana-based crypto wallet, Phantom, by using fake pop-up windows that mimic legitimate update requests to steal private keys. On February 6, Web3 scam detection platform Scam Sniffer issued a warning on the X platform, highlighting that scammers are connecting to genuine Phantom wallets and attempting to deceive users with a fraudulent 'update extension' signature request. If victims approve this request, a prompt appears asking them to enter their mnemonic phrase. Once entered, scammers gain full access to the wallet and can transfer its funds.
To identify malicious pop-ups, Scam Sniffer advises users to right-click on links, as phishing pages typically block this action, whereas genuine Phantom wallet windows do not restrict it. The platform also recommends checking the URL, noting that authentic Phantom pop-up links contain 'chrome-extension,' a detail that scam pages cannot replicate.
