A built-in messaging feature in the Phantom crypto wallet is drawing scrutiny from security researchers after an investor lost about $264,000 worth of Wrapped Bitcoin in what investigators described as a phishing attack enabled by address poisoning.
Blockchain investigator ZachXBT shared blockchain data pointing to a victim losing 3.5 Wrapped Bitcoin (wBTC) in a suspected phishing attack tied to Phantom Chat.
The data shows a transaction where 3.5 WBTC was transferred from address 0x85c to address 0x4b7 on Wednesday, flagged as a “high balance” address on blockchain intelligence platform Nansen. The transaction pattern is consistent with address poisoning, a phishing technique that exploits users’ transaction histories rather than compromising private keys.
Scammers trick victims into sending crypto to illicit wallets by first sending them small transactions and hoping unsuspecting users copy and paste the attacker’s address from their history.
ZachXBT urged Phantom to upgrade its user interface, calling the messenger feature a “new method for people to get drained,“ and warning that the app’s user interface did not filter out spam transactions to avoid users falling victim to address poisoning scams.
X user Kill4h also reported falling victim to two address poisoning attacks through the messenger feature, sharing a screenshot of two blockchain transactions worth $136 and $101 in USDC (USDC), respectively.
Related: Fake MetaMask 2FA security checks lure users into sharing recovery phrases
The incidents are the latest reminders of the importance of crypto wallet user experience for the safety of investors.
Leading crypto industry figures, including Binance co-founder Changpeng Zhao, have previously called for better wallet security measures to avoid phishing scams, after an investor lost $50 million in an address poisoning scam in December 2025.
“All wallets should simply check if a receiving address is a ‘poison address,’ and block the user. This is a blockchain query,“ wrote Zhao in a blog post in December, adding:
“Lastly, wallets should not even display these spam transactions anywhere. If the value of the tx is small, just filter it out.“
To avoid common crypto scams, Phantom recommends that users assume any unsolicited tokens or NFTs sent to their wallets are part of a scam and urges users never to click on links in paid Google search results or social media platforms promising free airdrops.
Cointelegraph has reached out to Phantom for comment on the incident and details on future user interface upgrades.
Phantom announced the launch of its live chat feature across tokens, perpetual futures and predictions pages on Dec. 23.
Related: TRM Labs completes $70M investment round at $1B, becomes crypto unicorn
Crypto investors need better onchain security practices: Cybersecurity experts
While spam filtering from crypto applications can reduce the risk of address poisoning attacks, users need to stop copying wallet addresses from their transaction history, urged security firm Hacken’s Extractor team.
“Web3 users have to maintain a single source of truth for recipient addresses (Address Book / List).“
Hacken also pointed to a 12.3 million Ether (ETH) address poisoning attack suffered by a wallet linked to Galaxy Digital on Jan. 30, serving as a reminder that even institutional participants can fall victim to these scams.
While improved transaction practices can help avoid such scams, the crypto industry needs pre-emptive security alerts to eradicate poisoning attacks, Deddy Lavid, the CEO of blockchain cybersecurity company Cyvers, told Cointelegraph:
“Real protection requires pre-transaction risk checks, address similarity detection, and clear warnings before users sign.“
Users may also opt for wallets that provide real-time “firewall-style security simulation“ that shows how a transaction would occur before executed, the CEO said.
Wallets that offer preemptive tools to filter for malicious transactions ahead of approval include the Rabby Wallet, Zengo Wallet and Phantom Wallet.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
