Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Blockchain investigator ZachXBT criticized the new feature of the Phantom wallet., 2026/02/10 16:40:51
Independent blockchain investigator ZachXBT has criticized the messaging tool of the Phantom wallet, known as Phantom Chat, which is set to launch this year. ZachXBT referred to the chat as “a new method for stealing funds from users.”
The on-chain detective indicated that Phantom has yet to address the issue related to “poisoned addresses.” ZachXBT highlighted an incident from last week where an individual lost 3.5 wBTC after copying a scammer’s address from their transaction history. This occurred because the Phantom user interface still fails to filter out spam transactions, leading users to copy incorrect addresses from recent activities, as the initial characters of the scammer’s address intentionally match the first digits of a previous legitimate transaction, ZachXBT noted.
Related Posts
In December, Phantom began testing an online chat feature developed in collaboration with the prediction platform Kalshi. ZachXBT expressed concerns that while messaging within the wallet, users might encounter scammers posing as trustworthy individuals and sending malicious links.
Address poisoning attacks typically start with attackers creating addresses that match the beginning and/or ending characters of the target address. The hackers then send small amounts of tokens to the victims, inserting the fraudulent address into the transaction history of the potential target. Before selecting a victim, scammers first scan the blockchain for active addresses. Most users are unable to remember full wallet addresses. In the Bitcoin network, addresses can range from 26 to 35 characters, while Ethereum addresses contain 42 characters. Instead of verifying each character, users may glance at the first and last digits, and upon noticing similarities, copy the incorrect address.
According to recent data from the blockchain security platform Scam Sniffer, in December, an unnamed investor lost $50 million due to such an attack, and in January, another user sent $12.2 million to a fraudulent address.
