Crypto investors beware—scammers are getting more creative in their attempts to drain digital wallets. 

A new phishing attack is targeting users of the Solana-based Phantom wallet, tricking them into revealing their seed phrases through fraudulent pop-ups that mimic legitimate update requests.

According to a Feb. 6 warning from Web3 scam detection platform Scam Sniffer, fraudsters are using an advanced method to gain access to users' funds. 

The scam starts when attackers connect to real Phantom wallets, making the interaction appear legitimate. Then, they prompt the user with a fake “update extension” signature request. If approved, another deceptive modal appears, demanding that the user enter their seed phrase—giving scammers full control over the wallet.‍

Fake Popups Mimicking Phantom Wallet

This isn't the first time Phantom users have been targeted. In late January, Scam Sniffer flagged another attack where malicious websites generated pop-ups nearly identical to Phantom’s interface. These fraudulent pop-ups trick users into entering their seed phrase under the guise of a connection request.

To help users identify phishing attempts, Scam Sniffer advised checking for certain warning signs. Phishing pages often disable right-clicking, whereas legitimate Phantom wallet popups do not. 

A real Phantom popup will display a “chrome-extension://” link, which web pages cannot replicate. Authentic Phantom popups function like system windows, allowing users to minimize, maximize, and resize them, while fake ones remain trapped within a browser tab.

Security experts stress that users should never enter their seed phrases on any website, no matter how convincing the request appears. Phantom does not ask for seed phrases during connection requests, and any such prompt should be treated as a red flag.

With phishing scams becoming increasingly sophisticated, crypto users must stay vigilant. Scam Sniffer and other security experts advise closing suspicious tabs immediately and verifying all wallet interactions before approving any requests.