Solana’s Phantom Adds Safety Rails After Scammers Drain Wallets

Phantom’s security upgrades highlight the tug-and-pull between developers trying to simplify crypto’s user experience and scammers exploiting their shortcuts.

Oct 13, 2021 at 6:58 p.m. UTC
Updated May 11, 2023 at 6:38 p.m. UTC

Solana-based digital wallet Phantom has shored up its cyber defenses after weeks of user-reported scams that drained victims’ crypto token balances.

The wallet, analogous to Ethereum’s Metamask, exiled its “auto-approve” transaction feature to the back of the app, an Oct. 7 blog post said. It also cleaned up the user interface (UI) for transaction previews and said an anti-phishing website blocker is slated for future rollout.

“We need a way to protect users from losing their funds to the ever-growing number of phishing scams out there,” Phantom’s Chief Product Officer Chris Kalani told CoinDesk in an email.

Phantom’s security upgrades highlight the tug-and-pull between developers trying to simplify crypto’s user experience and scammers exploiting their shortcuts.

The auto-approve feature, for example, instantly initiated crypto transactions between wallets and trusted web apps. It cut out seconds by eliminating prompts for Phantom’s 700,000 users. That could be critical in time-sensitive scenarios, like minting a non-fungible token (NFT) or executing a decentralized exchange (DEX) trade.

But it was also a boon for scammers. In one well-documented case, scammers distributed links to a phony version of the Aurory NFT project’s minting website in the lead-up to a highly anticipated drop.

“When users interacted with the wallet address that was listed on that phishing site, it would automatically sweep the funds out of that user’s wallet,” said Esteban Castaño, CEO of TRM Labs, which tracked the funds.

Phantom’s knee-jerk reaction to the Aurory debacle was a pledge to nuke auto-approve outright. Solana whales pushed back: Sam Bankman-Fried, CEO of cryptocurrency derivatives exchange FTX and a SOL booster, called for Phantom to preserve the “value” of auto-approvals with a middle-ground solution.

“We have a large community we need to accommodate for and this feature is widely used in the Solana ecosystem currently,” Kalani said.

Auto-approve will still be available to “advanced” users who enable it through Phantom’s app settings, he said.

Phantom’s upcoming phishing blocker will also look to protect wallet users. Kalani said the feature will try to block users from accessing suspicious websites with a history of pilfering coins. It will reference a user-generated list of websites.

“Our goal with this isn’t to police what users can and cannot see, it is meant to combat obvious phishing scams that are attempting to trick users,” he said.
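As an added illustration (not Phantom’s code; the hostnames, settings and transaction fields are constructed), here is a wallet-side policy in JavaScript that combines the three rails the article describes: a phishing blocklist that always wins, auto-approve that stays off unless the advanced setting is on and the site was explicitly trusted, and a plain-language preview for everything that still prompts.

```javascript
// Added example, not Phantom's implementation. List entries are constructed.
const PHISHING_BLOCKLIST = new Set(["aurory-mint.example", "wallet-claim.example"]);

// Normalise an origin to a lowercase hostname; anything malformed is untrusted.
function hostnameOf(origin) {
  try {
    const host = new URL(origin).hostname.toLowerCase();
    return host.length > 0 ? host : null;
  } catch {
    return null;
  }
}

// Suffix match: blocking "bad.example" also blocks "login.bad.example".
// The registrable TLD alone is never matched.
function onBlocklist(host, blocklist) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (blocklist.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Returns "block" | "prompt" | "auto" for a signing request from `origin`.
// Defaults mirror the post-upgrade behaviour: no auto-approve unless opted in.
function decideApproval(origin, settings = { advancedAutoApprove: false, trustedHosts: new Set() }) {
  const host = hostnameOf(origin);
  if (host === null) return "prompt";
  // The phishing list overrides every user setting, including a trusted entry.
  if (onBlocklist(host, PHISHING_BLOCKLIST)) return "block";
  // Trusted hosts are matched exactly so a lookalike subdomain cannot inherit trust.
  if (settings.advancedAutoApprove && settings.trustedHosts.has(host)) return "auto";
  return "prompt";
}

// What the user sees at the prompt: amount, destination and the program invoked.
function previewTransaction(tx) {
  const LAMPORTS_PER_SOL = 1_000_000_000;
  return `Send ${tx.lamports / LAMPORTS_PER_SOL} SOL to ${tx.to} (program: ${tx.program})`;
}
```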


Danny Nelson

Danny is CoinDesk's Managing Editor for Data & Tokens. He owns BTC, ETH and SOL.
