Phantom

Solana Spaces will close New York and Miami stores 7 months after opening

Norby said the “experiment” was part of a plan to onboard more people onto Solana, but the stores didn’t bring in as many users as they initially hoped.

Solana Spaces will close down its two Solana (SOL)-themed, community-oriented retail stores in New York City and Miami at the end of the month, as the physical stores didn’t onboard as many users as initially anticipated.

Solana Spaces tweeted the news on Feb. 21, sharing a note from founder Vibhu Norby explaining the reasons behind the store shutdowns.

The following is a note from our founder, @vibhu.

Dear @solanaspaces community,

We’ve made the difficult decision to sunset our stores in NYC and Miami by the end of February, and to pivot our Solana onboarding efforts into digital products like DRiP, our free NFT product with… https://t.co/kjNu9Ay4Gk

— Solana Spaces (@solanaspaces) February 21, 2023

Norby — who founded Solana Spaces in early 2022 — explained that the company reached an “inflection point” with the stores, prompting them to shift its investment focus to “DRiP,” the firm’s new nonfungible token artwork airdrop platform.

“While our stores onboard between 500 and 1,000 people per week, DRiP onboards that same quantity EVERY DAY,” Norby said, explaining the decision to shift its investment focus.

The decision to close the shops — located in the Hudson Yards neighborhood of Manhattan and the Wynwood section of Miami — was made “a few weeks ago,” and they will “sunset” at the end of February, Norby said.

The ambitious initiative was relatively short-lived, with the two stores having only officially opened in late July and August in New York and Miami respectively.

Norby said the “experiment” was part of a broader plan to onboard more people into the Solana and Web3 ecosystem:

“Our endowed mission from day one was to experiment with new and disruptive models to bring people to Web3, and to serve the community on behalf of the Solana Foundation.”

“As I told people often, as awesome as the stores were, if we found a more efficient way to bring people into Solana, we would throw our efforts at that,” he added.

But as he has since realized, the firm’s efforts may achieve better results in the digital realm with DRiP.

The Solana-themed stores offered customers the opportunity to partake in all things from in-person wallet onboarding tutorials, earning rewards, merchandise shopping and attending events.

*Solana Space’s first store, located in New York. Source:* *Solana Spaces*

When Solana Spaces opened its first New York-based store in late July, Norby hoped the store would bring in more than 100,000 people to Solana per month.

However, Norby stated in his letter that only 75,000 people managed to walk into the store over the course of its seven-month tenure.

The startup was sponsored by the Solana Foundation, the Solana-based wallet provider Phantom and the native crypto exchange Orca, and while it didn’t work out, it did appear to have won over a lot of fans.

Just visited for my 2nd time a few days ago!
Thank you for the experience!
Every time I come to Miami I have to make a pilgrimage to SolanaSpaces pic.twitter.com/ugCqbSyIzg

— Investrepreneuer.sol (@LordHearMePray) February 15, 2023

Several Solana-native industry players, such as the videogame projects Star Atlas and Aurory, thanked Solana Spaces for its contribution to the ecosystem.

We’re sad to hear the news of @solanaspaces closing their Miami and NYC stores The events that Star Atlas attended and hosted there were beyond incredible!

Even so, we can’t wait to see what comes from their pivot to DRiP! https://t.co/4voal4yzfC pic.twitter.com/bXV8PKG6LE

— Star Atlas (@staratlas) February 21, 2023

The closure comes as the prolonged crypto winter has caused many industry-leading companies to lay off staff and close down offices all around the world.

Crypto wallets combat scammers with transaction previews and blocklists

New features aimed at protecting users come amid recent crypto thefts and phishing attacks targeted at well-known crypto executives and influencers.

United States-based crypto exchange Coinbase has become the latest crypto wallet provider to roll out transaction previews and blocklists amid a rise in crypto thefts.

On Jan. 30, the crypto exchange announced that it had integrated a new suite of safety features to its wallet app to make it easier for users to spot and take action on potential foul play from scammers.

Such integrations include a transaction preview feature that gives the user an estimation of how users’ “token and NFT balances will change” during a transaction before the confirm button is hit.

Wallet, Coinbase, Transactions, Phishing

The firm has also rolled out token approval alerts, which make it clear to the user when a decentralized application dApp is requesting approval to withdraw tokens and nonfungible tokens (NFTs).

Additionally, the firm has also introduced new layers of permission management that enable users to revoke DApp connections directly from the app to help minimize “exposure to potential vulnerabilities.”

The crypto exchange joins the ranks of several other crypto wallet providers that have either rolled out or announced similar features aimed at combating crypto scams and phishing attacks, including Solana-based Phantom, Web3 wallet provider Ember and Bitski.

Just two days after Moonbirds creator Kevin Rose admitted to losing $1.1 million in NFTs via a targeted phishing attack, Phantom reminded users on Jan. 27 that its wallets are protected with a number of security features which include transaction previews, an open-source blocklist, NFT spam reporting and burning.

The firm explained its transaction preview feature: “when you take an action in Phantom, like minting an NFT, we scan your transaction and proactively find anything that looks fishy. Website looks fishy? You get a warning. Trying to obfuscate code? Warning. Interacting with suspicious tokens? Warning.”

The open-source blocklist consists of a “community-maintained list of malicious domains” that Phantom blocks users from mistakenly connecting with.

12/ We’re proud of the security features we have implemented, but this is only the beginning.

We will continue to work tirelessly to protect our users with best-in-class security features, education, and support to make everyone’s journey through web3 safe, easy, and fun.

— Phantom (@phantom) January 26, 2023

Tweeting on the same day as Phantom, Web3 wallet provider Ember detailed the list of its own security tools.

The list includes translation previews, token and NFT locking to stop assets being drained as part of malicious transactions, and approval revoking.

5/7) As well, Ember allows you to lock your NFTs and tokens, which disables the ability to send or sell them until they have been unlocked which requires your authentication to do so

This means that if you do sign a malicious transaction, your locked assets can’t be drained

— Ember (@EmberWallet) January 27, 2023

On Jan. 24, Bitski also indicated that it was working on similar integrations via its 2.0 wallet, with product designer Jasmine Xu noting that this will cover “self custody, dapp browser, transaction simulation previews, notifications about account activity, in-app burner vault, and a bunch more in a few weeks.”

In its most recent blog post, Coinbase said in the coming weeks, the firm will launch a feature so that users can “view and revoke existing token balances.”

These types of features are important for crypto and NFT users, as scammers/hackers deploy a wide array of tools to hijack transactions and get funds sent to them instead of the originally intended destination.

Popular methods that dupe even experienced users include phishing attacks, scam airdrops directing people to click on malicious links, and malware.

Solana wallet fires up the grill to burn spam NFTs out of existence

The Phantom wallet app has launched a new Burn Token feature, allowing users to remove spam NFTs sent by scammers.

Solana-based wallet provider Phantom has launched a new burn feature allowing users to remove spam nonfungible tokens (NFTs) sent by scammers.

According to a Thursday blog post from the Phantom team, the new feature is accessible via the Burn Token tab in the Phantom wallet app, allowing users to receive a minuscule deposit of Solana (SOL) each time they use it:

“We’re still in the Wild West days of Web3. As the crypto ecosystem grows, so have the number of bad actors looking for ways to steal user’s funds. The rapid growth in popularity of NFTs has led to an increasingly prevalent method of attack for scammers – Spam NFTs.”

Phantom noted that the issue has been particularly prevalent on Solana due to its low transaction fees, with bad actors often airdropping supposedly free NFTs en masse, which contain malicious links.

Spam NFT generally prompts the receiver to click a link to mint a free NFT. If they complete the process, however, their funds end up being drained from their wallet. Alternatively, the link will ask the receiver to input their seed phrase, resulting in the same outcome.

“These scams are becoming increasingly more sophisticated. For instance, after a contract address and domain are identified as malicious, scammers can change the metadata of an NFT to try to avoid being blocklisted. It can feel like an endless game of whack-a-mole,” the blog post read.

The move is part of a broader initiative by Phantom to counter spam NFTs and bad actors in the space. The team stated that it also fights scammers through its phishing warning system, which issues warning to users on “any malicious transactions that could compromise their assets or permissions” after clicking on dubious links.

5/ While we’re introducing NFT burning and improved phishing alerts today, we’re not stopping there. Users can look forward to more automated spam detection in the future.

To read more about how we’re fighting wallet spam, check out our latest blog post:https://t.co/OZYOEvVIFH

— Phantom (@phantom) August 17, 2022

The post added that Phantom is currently collaborating with Blowfish to improve how “we alert users to phishing attempts.”

“While we’re introducing NFT Burning today, we’re not stopping there. Users can look forward to more automated spam detection in the future. Using providers like SimpleHash and our own internal reporting, we will be able to gauge if an NFT is likely to be spam,” the post read.

Phantom is one of the most popular wallet providers for Solana-based NFTs and decentralized fiance (DeFi), with more than 2 million monthly active users, according to the firm.

At the start of August, competing wallet firm Slope suffered a security exploit that saw an estimated $8 million worth of funds drained on the Solana blockchain.

In a post-mortem analysis, Solana’s head of communications, Austin Fedora, found that 60% of the victims of the attack were Phantom users, despite the issue originating from Slope.

Solana hosted the second largest amount of NFT sales volume in July at $56.1 million, behind only Ethereum, which posted a whopping $535.6 million, according to data from CryptoSlam.

Slope wallets blamed for Solana-based wallet attack

Web3 wallet provider Slope has been connected to the recent hack of Solana-based wallets.

As the dust settles from yesterday’s Solana ecosystem mayhem, data is surfacing that wallet provider Slope is largely responsible for the security exploit that stole crypto from thousands of Solana users.

Slope is a Web3 wallet provider for the Solana layer-1 (L1) blockchain. Through the Solana Status Twitter account on Wednesday, the Solana Foundation pointed the finger at Slope, stating that “it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”

After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2

— Solana Status (@SolanaStatus) August 3, 2022

Solana co-founder Anatoly Yakovenko also linked Slope wallets to the hack in his own personal Twitter account. He advised users to regenerate a seed phrase from a service other than Slope as soon as they can. He also told an affected user to “Start practicing the cold/hot wallet separation.”

Attacker is lazy at driving all the paths. A bunch of phantom users only saw their slope addresses get drained. I would advise anyone that touched slope to regenerate their seed phrase in a different wallet asap.

— SMS aey.sol, (@aeyakovenko) August 3, 2022

The Solana-based wallet exploits first surfaced on Tuesday after the community began reporting that their crypto wallets were being drained of their Solana (SOL) and other tokens. It is estimated that roughly $8 million in crypto was stolen from nearly 8,000 wallets.

Through its investigation, the Solana Foundation determined that the private keys for each of the wallets compromised in the exploit were “inadvertently transmitted to an application monitoring service” such as Slope.

It added that there was no evidence to suggest the Solana protocol or its cryptography was at risk from the attack.

Some reports abound that Slope may have logged user seed phrases on its centralized servers. The servers could have been compromised and leaked seed phrases, which a hacker could use to execute transactions.

Earlier reports of the attack on the day said that users of Slope and Phantom hot wallets were being targeted, leading many to believe there could be a broader issue with the Solana protocol. However, a further analysis shared by Solana’s head of communications Austin Fedora found that the problem was isolated to just hot wallets.

Fedora said that while 60% of the victims of the attack were Phantom users, those affected did not generate their seed phrase using Phantom.

We spun up a Typeform to collect data and the results were clear – of those drained ~60% were Phantom users and 40% Slope users. But after extensive interviews and requests to the community, we couldn’t find a single Phantom-forever user who had their wallet drained

— Austin Federa | sms (@Austin_Federa) August 3, 2022

Slope issued a statement addressing the status of its ongoing investigation into the incident on Wednesday, confirming that “A cohort of Slope wallets were compromised in the breach,” including some belonging to its own staff.

The team urged users of Slope wallets to generate a new unique seed phrase and transfer all funds to it rather than keeping any funds on old wallets which could still be exploited later on. The Phantom team stepped up the warning by advising users to move their assets to a new non-Slope wallet.