Phantom Wallet

Fake Solana wallet security update is trying to steal your crypto: Reports

Password-stealing malware is being spread by hackers through NFT airdrops purporting to be Solana Phantom security updates.

For the last two weeks, unknown hackers have been airdropping nonfungible tokens (NFTs) that masquerade as a new Phantom wallet security update to Solana cryptocurrency users. However, instead of an update, it’s malware designed to steal their crypto.

According to BleepingComputer, the hackers are claiming to be from the Phantom team and using NFTs titled PHANTOMUPDATE.COM or UPDATEPHANTOM.COM.

After opening the NFT, users are told a new security update has been issued for the Phantom wallet and can be downloaded by using the enclosed link or the listed website.

To add urgency, the message claims that failing to download the fake security update “may result in a loss of funds due to hackers exploiting the Solana network.”

The fake NFTs being used to spread malware. Source: BleepingComputer

The urgency piece is likely related to the Solana-based wallet hack, which saw roughly $8 million stolen from 8,000 wallets in August, including those of Phantom wallet users. The security exploit was later linked to vulnerabilities within the Solana-based Web3 wallet service Slope. 

Should a victim follow the fake Phantom update instructions, the process ends with malware being downloaded from GitHub which attempts to steal browser information, history, cookies, passwords, SSH keys and other information from the user. 

Users who may have inadvertently fallen prey to this scam are advised to take security precautions such as scanning their computer with antivirus software, securing crypto assets and changing passwords on sensitive platforms such as bank accounts and crypto trading platforms.

In the past, similar malware-spreading campaigns have employed malware dubbed Mars Stealer to steal crypto from unsuspecting users.

An upgrade of the information-stealing Oski trojan of 2019, Mars Stealer targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, with a grabber function that steals users’ private keys.

Solana wallet fires up the grill to burn spam NFTs out of existence

The Phantom wallet app has launched a new Burn Token feature, allowing users to remove spam NFTs sent by scammers.

Solana-based wallet provider Phantom has launched a new burn feature allowing users to remove spam nonfungible tokens (NFTs) sent by scammers.

According to a Thursday blog post from the Phantom team, the new feature is accessible via the Burn Token tab in the Phantom wallet app, allowing users to receive a minuscule deposit of Solana (SOL) each time they use it:

“We’re still in the Wild West days of Web3. As the crypto ecosystem grows, so have the number of bad actors looking for ways to steal user’s funds. The rapid growth in popularity of NFTs has led to an increasingly prevalent method of attack for scammers – Spam NFTs.”

Phantom noted that the issue has been particularly prevalent on Solana due to its low transaction fees, with bad actors often airdropping supposedly free NFTs en masse, which contain malicious links.

A spam NFT generally prompts the receiver to click a link to mint a free NFT. If they complete the process, however, their funds end up being drained from their wallet. Alternatively, the link will ask the receiver to input their seed phrase, resulting in the same outcome.
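A content-based check for the lures described above, as an added example that is not from the article or from Phantom. The metadata field names (`name`, `description`, `external_url`), the `unsolicited` flag, the threshold and the sample records are assumptions constructed for illustration.

```python
import re

# Signals taken from the lures the article describes; the patterns are illustrative.
DOMAIN_NAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$", re.I)
URL = re.compile(r"(https?://|www\.)\S+", re.I)
SEED_PHRASE = re.compile(r"\b(seed|recovery|secret)\s+phrase\b", re.I)
LURE = re.compile(r"\b(security update|loss of funds|free mint|mint (a|your) free)\b", re.I)

def spam_signals(nft):
    """Return the names of the signals that fire for one NFT metadata dict."""
    name = str(nft.get("name", "")).strip()
    text = " ".join(str(nft.get(k, "")) for k in ("name", "description", "external_url"))
    signals = []
    if DOMAIN_NAME.match(name):        # e.g. a token titled like a website
        signals.append("name_is_domain")
    if URL.search(text):               # any link in the metadata
        signals.append("contains_link")
    if SEED_PHRASE.search(text):       # no legitimate NFT needs a seed phrase
        signals.append("asks_for_seed_phrase")
    if LURE.search(text):              # urgency or "free mint" wording
        signals.append("lure_language")
    if nft.get("unsolicited", False):  # hypothetical flag: user did not request it
        signals.append("unsolicited_airdrop")
    return signals

def is_likely_spam(nft, threshold=2):
    """A single signal (such as a project link) is not enough on its own."""
    return len(spam_signals(nft)) >= threshold

# Constructed sample metadata, not real tokens.
SAMPLES = [
    {"name": "PHANTOMUPDATE.COM", "unsolicited": True,
     "description": "A new security update has been issued. "
                    "Failing to update may result in a loss of funds."},
    {"name": "Free Mint Pass", "unsolicited": True,
     "description": "Visit www.example.invalid to mint your free NFT "
                    "and enter your seed phrase."},
    {"name": "Sunset #12", "unsolicited": False,
     "description": "Hand-drawn landscape, edition 12 of 50.",
     "external_url": "https://example.org/sunset/12"},
]

if __name__ == "__main__":
    for nft in SAMPLES:
        print(nft["name"], is_likely_spam(nft), spam_signals(nft))
```

Because the check reads the token's current metadata rather than a blocklist of addresses or domains, it has to be re-run whenever the metadata is refreshed.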

“These scams are becoming increasingly more sophisticated. For instance, after a contract address and domain are identified as malicious, scammers can change the metadata of an NFT to try to avoid being blocklisted. It can feel like an endless game of whack-a-mole,” the blog post read.

The move is part of a broader initiative by Phantom to counter spam NFTs and bad actors in the space. The team stated that it also fights scammers through its phishing warning system, which issues warnings to users on “any malicious transactions that could compromise their assets or permissions” after clicking on dubious links.

The post added that Phantom is currently collaborating with Blowfish to improve how “we alert users to phishing attempts.”

“While we’re introducing NFT Burning today, we’re not stopping there. Users can look forward to more automated spam detection in the future. Using providers like SimpleHash and our own internal reporting, we will be able to gauge if an NFT is likely to be spam,” the post read.

Phantom is one of the most popular wallet providers for Solana-based NFTs and decentralized finance (DeFi), with more than 2 million monthly active users, according to the firm.

At the start of August, competing wallet firm Slope suffered a security exploit that saw an estimated $8 million worth of funds drained on the Solana blockchain.

In a post-mortem analysis, Solana’s head of communications, Austin Federa, found that 60% of the victims of the attack were Phantom users, despite the issue originating from Slope.

Solana hosted the second largest amount of NFT sales volume in July at $56.1 million, behind only Ethereum, which posted a whopping $535.6 million, according to data from CryptoSlam.