Phantom Chat is under scrutiny after a phishing attack drained $264,000 in Wrapped Bitcoin, renewing concerns over wallet UX and address poisoning scams.
A built-in messaging feature in the Phantom crypto wallet is drawing scrutiny from security researchers after an investor lost about $264,000 worth of Wrapped Bitcoin in what investigators described as a phishing attack enabled by address poisoning.
Blockchain investigator ZachXBT shared blockchain data pointing to a victim losing 3.5 Wrapped Bitcoin (wBTC) in a suspected phishing attack tied to Phantom Chat.
The data shows a transaction where 3.5 WBTC was transferred from address 0x85c to address 0x4b7 on Wednesday, flagged as a “high balance” address on blockchain intelligence platform Nansen. The transaction pattern is consistent with address poisoning, a phishing technique that exploits users’ transaction histories rather than compromising private keys.
