Phantom Wallet Gets a Boost, Adds Support for Sui

December 6, 2024 Bitcoin.com

Phantom Wallet Joins Dydx, Easing Access for 7 Million Users

September 26, 2024 Bitcoin.com

Fake Solana wallet security update is trying to steal your crypto: Reports

October 11, 2022 Coin Telegraph

Password-stealing malware is being spread by hackers through NFT airdrops purporting to be Solana Phantom security updates.

For the last two weeks, unknown hackers have been airdropping nonfungible tokens (NFTs) to Solana cryptocurrency users masquerading as a new Phantom wallet security update, however, instead of an update, it's malware designed to steal their crypto.

According to BleepingComputer, the hackers are claiming to be from the Phantom team and using NFTS titled "PHANTOMUPDATE.COM" or "UPDATEPHANTOM.COM."

After opening the NFT, users are told a new security update has been issued for the Phantom wallet and can be downloaded by using the enclosed link or the listed website.

To add urgency, the message claims that failing to download the fake security update, “may result in a loss of funds due to hackers exploiting the Solana network.”

The fake NFTs being used to spread malware. Source: BleepingComputer

The urgency piece is likely related to the Solana-based wallet hack which saw roughly $8 million stolen from 8,000 wallets in August, including those of Phantom wallet users. The security exploit was later linked to vulnerabilities within the Solana-based Web3 wallet service Slope.

Should a victim follow the fake Phantom update instructions, the process ends with malware being downloaded from GitHub which attempts to steal browser information, history, cookies, passwords, SSH keys and other information from the user.

Users who may have inadvertently fallen prey to this scam are recommended to take security precautions such as scanning their computer with antivirus software, securing crypto assets, and changing passwords on sensitive platforms such as bank accounts and crypto trading platforms.

In the past, similar malware-spreading campaigns have employed malware dubbed "Mars Stealer" to steal crypto from unsuspecting users.

An upgrade of the information-stealing Oski trojan of 2019, Mars Stealer targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, with a grabber function that steals users' private keys.

Solana wallet fires up the grill to burn spam NFTs out of existence

August 18, 2022 Coin Telegraph

Coin Telegraph

The Phantom wallet app has launched a new Burn Token feature, allowing users to remove spam NFTs sent by scammers.

Solana-based wallet provider Phantom has launched a new burn feature allowing users to remove spam non-fungible tokens (NFTs) sent by scammers.

According to an Aug. 18 blog post from the Phantom team, the new feature is accessible via the Burn Token tab in the Phantom wallet app, allowing users to receive a minuscule deposit of Solana (SOL) each time they use it.

“We’re still in the Wild West days of Web3. As the crypto ecosystem grows, so have the number of bad actors looking for ways to steal user’s funds. The rapid growth in popularity of NFTs has led to an increasingly prevalent method of attack for scammers – Spam NFTs.”

Phantom noted that the issue has been particularly prevalent on Solana due to its low transaction fees, with bad actors often airdropping supposedly free NFTs en masse which contain malicious links.

Spam NFT generally prompt the receiver to click a link to mint a free NFT, however, if they complete the process, their funds end up being drained from their wallet. Alternatively, the link will ask the receiver to input their seed phrase, resulting in the same outcome.

“These scams are becoming increasingly more sophisticated. For instance, after a contract address and domain are identified as malicious, scammers can change the metadata of an NFT to try to avoid being blocklisted. It can feel like an endless game of whack-a-mole,” the blog post read.

The move is part of a broader initiative by Phantom to counter spam NFTs and bad actors in the space. The team stated that it also fights scammers through its phishing warning system, which issues warning to users on “any malicious transactions that could compromise their assets or permissions” after clicking on dubious links.

5/ While we’re introducing NFT burning and improved phishing alerts today, we’re not stopping there. Users can look forward to more automated spam detection in the future.

To read more about how we're fighting wallet spam, check out our latest blog post:https://t.co/OZYOEvVIFH
— Phantom (@phantom) August 17, 2022

The post added that Phantom is currently collaborating with Blowfish to improve how “we alert users to phishing attempts.”

“While we’re introducing NFT Burning today, we’re not stopping there. Users can look forward to more automated spam detection in the future. Using providers like SimpleHash and our own internal reporting, we will be able to gauge if an NFT is likely to be spam,” the post read.

Phantom is one of the most popular wallet providers for Solana-based NFTs and decentralized fiance (DeFi), with more than 2 million monthly active users according to the firm.

At the start of August competing wallet firm Slope suffered a security exploit which saw an estimated $8 million worth of funds drained on the Solana blockchain.

In a post mortem analysis, Solana’s head of communications Austin Fedora found that 60% of the victims of the attack were Phantom users, despite the issue originating from Slope.

Solana hosted the second largest amount of NFT sales volume in July at $56.1 million, behind only Ethereum which posted a whopping $535.6 million according to data from CryptoSlam.

Finance Redefined: 1Password partners with Phantom, and Stark deploys nine DApps, Feb. 18–25

February 25, 2022 Coin Telegraph

1Password

1Password joined forces with Phantom on a security endeavor, StarkNet rolled out its first set of DApps, and Celsius deployed an institutional Wrapped Ether pool on Maple Finance — all coming to you in this week’s Finance Redefined.

Welcome to the latest edition of Cointelegraph’s decentralized finance newsletter.

In the aftermath of concerning political situations this week, the markets reacted strongly to the downside, but some assets attempted a recovery to end the week positively.

1Password collaborates with Phantom Wallet on API service

Digital security platform 1Password announced a joint partnership with Phantom Wallet this week to grant asset holders the ability to consolidate their lists of public key addresses, seed phrases and other corresponding security details into a single “Save in 1Password” system.

Operating primarily in the traditional financial sector at this time, 1Password has over 100,000 corporate clients from a panoply of industries, including well-recognized brands such as IBM, Slack, Shopify and Under Armour.

1Password’s flagship service, an application programming interface, aims to simplify the user experience by enabling asset sovereignty and independent portfolio responsibility to help investors sufficiently manage cryptocurrencies and nonfungible tokens held on the Solana blockchain.

Cointelegraph spoke to Matt O’Leary, VP of partnerships at 1Password, for a detailed assessment on the subject of security, as well as whether the prevalence of hacks and exploits in the decentralized finance space has catalyzed demand necessity and subsequent innovation for security solutions such as 1Password.

“1Password’s partnership with Phantom is a great example of innovation that is conquering this challenge... This human-centric approach to crypto wallet security was designed with the end-user in mind, making it easier than ever to invest in crypto safely and securely.”

StarkNet deploys inaugural nine DApps to advance mainstream adoption

Layer-2 scaling solution StarkNet, well-known for its Ethereum protocol service StarkWare, announced the deployment of its first series of decentralized applications (DApp) this week.

The DApps are focused across a range of sectors, including an ERC-721 nonfungible token project called Mallows, a real-time price chart also from the Mallows team, as well as a Cairo-multisig contract, among others.

StarkNet is a permissionless validity rollup, or zero-knowledge Rollup, that uses basic compression technology to boost the production and security benefits of Ethereum’s layer 1. The company prides itself in its products’ ability to provide “rock-bottom” gas fees and “limitless” scaling potential.

Here are the latest projects we have listed - all building on StarkNet ✨ from @StarkWareLtd https://t.co/y55wb8p8nb ️

1/
— zkRollups.xyz (@zkRollupsXYZ) February 22, 2022

The StarkWare team revealed its pursuit for full decentralization within the next year, a strategy that proceeds a Sequoia Capital-led $50-million Series C fundraise on Nov. 16, taking the project’s valuation to $2 billion.

Celsius deploys crypto lending service on Maple Finance

Digital asset lending platform Celsius became the inaugural pool delegate from the centralized finance industry this week to roll out a cryptocurrency lending service on Maple Finance, utilizing the latter’s smart contract and blockchain infrastructure to offer a $30-million pool to institutional-grade investors.

Celsius follows in the footsteps of existing pool delegates BlockTower, Orthogonal Trading, Maven 11 and Alameda Research, which are partnering with Maple for this type of project. The introduction of Wrapped Ether (wETH) is set to complement the existing accessibility to trade Circle’s native stablecoin, USD Coin (USDC), enabling investors to utilize the asset across an array of trading components, including staking, lending and borrowing.

Cointelegraph spoke to Sidney Powell, co-founder and CEO of Maple Finance, to uncover the prerequisites and financial nuances that interested institutional investors must be aware of before engaging with the pool.

Powell shared that “institutions work directly with the Celsius team to borrow from this pool. Borrowers have to pass through Celsius’ established KYC and credit assessments,” adding:

“In this instance, digital asset institutions Wintermute and Amber have already been doing business on Maple, so have an on-chain credit reputation, and signed a Master Loan Agreement, too. This, plus Celsius’ established processes, means onboarding has been streamlined for all parties.”

This is such an exciting day for @maplefinance - @CelsiusNetwork is the first CeFi firm to launch a lending business using Maple's smart contract infrastructure.

And on top of that, its our first WETH-demoninated pool!https://t.co/foCHZSIsS7
— Lucas Manuel (@lucasmanuel_eth) February 24, 2022

Token performances

Analytical data reveals that DeFi’s total value slightly decreased by 8.53% across the week to a figure of $106.82 billion.

Terra (LUNA) was the solitary riser in the DeFi space this week with a 27.7% gain following a positive performance on Friday.

Interviews, features and other cool stuff

Thanks for reading our summary of this week’s most impactful DeFi developments. Join us again next Friday for more stories, insights and education in this dynamically advancing space.

1Password integrates security API into Phantom Wallet

February 22, 2022 Coin Telegraph

1Password

The partnership aims to enable asset holders to store their library of public key addresses and seed phrases in one place.

Digital security service 1Password has announced a collaborative partnership with Phantom Wallet to enable asset holders to amalgamate their vast accumulations of public key addresses, seed phrases and other corresponding security details into a single ‘Save in 1Password’ system.

The application programming interface (API) of 1Password aims to simplify the user experience, enable asset sovereignty and assign portfolio responsibility to help investors sufficiently manage their cryptocurrencies and nonfungible tokens (NFTs) held on the Solana blockchain.

A centralized entity at its core, some would argue that 1Password challenges the ideological consensus of the Web3 industry, countering the trustless thesis often proclaimed, with a conscious emphasis on security certitude and loss prevention.

Consumers familiar with interaction in the e-commerce and social profiling markets have obtained vast experience navigating the tedious password login and storage processes. Upon entering the cryptocurrency space, comprehensive education on the intricate nuances of digital wallet security is crucial for the protection and true ownership of acquired assets.

Cointelegraph reached out to Matt O’Leary, the VP of Partnerships for 1Password, for an in-depth assessment on the subject of security, as well as whether the prevalence of hacks and exploits in the decentralized finance (DeFi) space has catalyzed demand necessity and subsequent innovation for security solutions such as 1Password.

O'Leary stated that its "important to keep in mind that crypto wallet logins are much more complex than the average login, made up of long chains of characters and word strings that must be remembered and entered without error", before remarking:

1Password’s partnership with Phantom is a great example of innovation that is conquering this challenge... This human-centric approach to crypto wallet security was designed with the end user in mind, making it easier than ever to invest in crypto safely and securely.

O’Leary expects Phantom to be the first of many crypto-themed partners over the coming months to integrate within the companies flagship service, Save in 1Password.

Cointelegraph also spoke to Brandon Millman, the CEO and Co-Founder of Phantom Wallet, to learn more about his macroscopic vision for the digital wallet security market as we progress towards the conceivable utopia of mainstream adoption.

"In order for crypto and Web3 to go mainstream, people need to feel confident in the safety and security of their assets. Stories of people losing crypto or getting hacked can be intimidating.

Millman continued on to explain that "the benefits of a non-custodial wallet in terms of personal control and independence also comes with the added responsibility of personal key management."