Protecting its users from malicious attacks is a top priority, according to the developers of the popular Solana wallet.
After the most recent high-profile NFT hack, which this time took down tech entrepreneur Kevin Rose, the security benefits of self-custody wallets were again making the rounds on Crypto Twitter.
The creator of Proof and the Moonbirds NFT project was phished on Wednesday. The scammer sent Rose a message that utilised permissions he had already given to his MetaMask wallet on the OpenSea marketplace. When that message was signed, the thief used his privileges to steal more than 40 NFTs from his wallet, including an Autoglyphs NFT that was worth nearly $500,000.
In response to Rose’s tweet, the popular Solana-based crypto wallet Phantom notified its users of a malicious website and blocked the site that had snared Rose. The developer of the wallet responded, “we got your back.”
“We’ve always done certain forms of blocking—initially manually through an open source blocklist, and then getting more automated and sophisticated over time,” Francesco Agosti, Phantom co-founder and CTO, said. “You need to keep up with scammers, who are coming up with new strategies all the time, to be effective.”
Phantom addressed phishing and scams in a blog post on Wednesday, claiming that the wallet has scanned over 85 million transactions and prevented over 18,000 wallet-draining transactions.
Phantom, according to Agosti, uses manual and automated systems to keep its website blocklist up to date, and the company blocks websites with suspicious characteristics.
Agosti acknowledged that Rose’s problem from yesterday arose because he signed a message rather than a transaction. Phantom does not currently scan messages, but Agosti stated that the firm is working on adding this capability in a future release.
“You don’t have to change any settings; it’s all on by default,” he said. “You probably won’t notice it when using safe dApps, but it activates when you visit a website or try to submit a transaction we think is malicious.”
What are the different ways to phish?
Phishing is one of the most prevalent online attack patterns. Phishing attempts may arrive via email, social media, or text message. On Wednesday, hackers compromised the Twitter account of the Robinhood exchange and launched a phishing attack impersonating the popular trading platform.
Regardless of the transmission method, phishing scams require users to respond in some way, such as by replying to a text message or by clicking a link that leads to a malicious website. And while any internet-connected device is a potential target, Agosti claims the Phantom wallet is prepared.
“Phishing is pretty constant—perhaps growing overall as more users enter the space and the opportunity becomes more attractive. In terms of actual scams—that fluctuates. Usually, what happens is that things are fairly stable for a while, and then scammers discover a new strategy that works well, and then the number of scams spikes as the ecosystem adapts to that new strategy. Kind of like an immune system,” he said.