Phantom users receive malware disguised as NFTs
Users risk losing passwords and funds on cryptocurrency wallets when they click on links from non-fungible tokens
11.10.2022 - 08:15
945
2 min
0
What’s new? Cybersecurity experts at BleepingComputer have warned users about a fake security update for Phantom cryptocurrency wallets on the Solana blockchain. Hackers, under the guise of a wallet update, send out non-fungible tokens (NFTs) that contain malware.
News on the BleepingComputer website
How does the hack happen? The attackers pose as members of the Phantom team and send NFTs with malware to wallet owners to steal passwords. The tokens usually have names like PHANTOMUPDATE.COM and UPDATEPHANTOM.COM.
After opening the NFT, users are notified that a new security update has been released for the Phantom wallet, which can be downloaded from the attached link. When the website is accessed, malware from GitHub is downloaded to victims’ devices which steals browser information, cookies, history, passwords, SSH keys, and other information. Solana users are advised to scan their devices with antivirus software and change their passwords.
In August, the Solana network was subjected to a hacker attack that resulted in attackers managing to withdraw millions of dollars from users’ wallets. Analysts at Watcher Guru reported the theft of more than $7 million in SOL tokens and USDC stablecoins. Solana developers later revealed that the affected addresses were created, imported, or used in Slope mobile wallet apps.
In September, the 1inch team warned about a vulnerability in the Ethereum vanity address generating tool Profanity. Thus, keys to wallets created with the service could be calculated by brute force. An anonymous developer of Profanity added that the project was “abandoned” several years ago after “fundamental security issues in the generation of private keys” were found.
Useful material?
Telegram 
Twitter Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Incidents
According to Blockaid, the attack may have been carried out by the same hacker behind the 1inch Fusion V1 exploit.
May 7, 2026
Incidents
The attacker gained administrative access and altered contracts to drain user funds
Apr 30, 2026
Cryptocurrency rates
-
Bitcoin
$64 120
BTC
-4.22%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.19
XRP
-2.89%
-
Dogecoin
$0.090147
DOGE
-3.62%
-
TRON
$0.160134
TRX
-1.59%
-
Zcash
$602.45
ZEC
-1.42%
-
Cardano
$0.197034
ADA
-8.1%
-
Stellar XLM
$0.210701
XLM
-7.17%
-
Polkadot
$3.32
DOT
+5.27%