Phantom Wallet Users at Risk as Scammers Deploy Fake Pop-Ups

The pop-ups trick users into revealing their seed phrases and losing access to their funds. Despite these security threats, Phantom’s popularity continues to rise due to increased Solana meme coin activity. Meanwhile, ransomware payments dropped by 35% in 2024 thanks to improved law enforcement and victim resistance. In a separate case, Payza founder Firoz Patel received an additional 41-month prison sentence for trying to conceal 450 BTC after his conviction for money laundering.

Phishing Scammers Target Phantom Wallet Users

Phishing scammers have been actively targeting users of the Solana-based Phantom wallet by trying to steal private keys through deceptive pop-ups that mimic legitimate update requests. The Web3 scam detection platform Scam Sniffer recently alerted users on X about this scam. It involves fraudsters connecting to real Phantom wallets and tricking users into approving a fake “update extension” signature request. Once approved, victims are then prompted to input their seed phrase, which, if entered, grants scammers full access to the wallet and allows them to drain funds.

Scam Sniffer previously warned Phantom users about similar phishing tactics in late January, where pop-ups on malicious websites imitated the Phantom interface to deceive users into entering their wallet seed phrase under the guise of a fake connection request. To help users identify these fraudulent pop-ups, Scam Sniffer recommended right-clicking links to check their authenticity, as phishing pages typically block this action and real Phantom wallet windows do not. 

Another key indicator is the URL, as genuine Phantom pop-ups display “chrome-extension” as part of the link, something scam websites cannot replicate. Additionally, Phantom’s legitimate pop-ups function like system windows that allow users to minimize, maximize, and resize them, while fake ones stay confined within the browser tab.

Despite these security threats, Phantom’s usage continued to grow. This growth is driven by the increasing popularity of Solana-based meme coins. The wallet’s 24-hour revenue from transaction fees hovers around $470,000, which is more than that of Coinbase Wallet, according to data from DefiLlama. On Jan. 19, Phantom’s daily revenue even spiked to a record $3.6 million. The platform has also reported surpassing 10 million monthly active users and processing more than 850 million transactions in 2024. To add even more fuel to Phantom’s momentum, it introduced multicurrency support on Feb. 6 that allows users to transact in 16 different currencies.

Phantom’s growth is also boosted by a successful $150 million Series C funding round that was announced on Jan. 17. This funding round brought the company’s valuation to $3 billion.

Ransomware Payments Drop 35% in 2024

Despite sophisticated phishing attacks still wreaking havoc on the crypto community, ransomware payments extorted from victims saw a sharp decline of approximately 35% in 2024 compared to the previous year. According to a report that was released by blockchain analytics provider Chainalysis, attackers managed to extract almost $815 million from victims throughout the year. This was a big drop from the record-breaking $1.25 billion in 2023. It was also the first decline in ransomware revenues since 2022.

(Source: Chainalysis)

The report attributes this decline to a combination of increased law enforcement actions, improved international cooperation, and a growing trend of victims just refusing to pay. As a response to these challenges, ransomware groups are adapting their strategies, including leveraging new code repositories and initiating extortion negotiations within hours of an attack. The actors behind these attacks range from state-sponsored groups and ransomware-as-a-service (RaaS) operations to independent hackers and smaller data theft rings.

The overall decrease in ransomware payments became particularly evident in the second half of 2024 as payments dropped by around 79% compared to the first half of the year. This steep decline proves the effectiveness of intensified global law enforcement efforts, even as the number of attempted attacks increased during this period. Chainalysis pointed out that while more victims were targeted, fewer chose to actually comply with ransom demands. This suggests that there was a major shift in how organizations and individuals handle ransomware threats.

(Source: Chainalysis)

The reduction in ransomware payments aligns with a broader decline in crypto-related exploits throughout 2024. Crypto scams, hacks, and other exploits saw a downward trend as well, and ended in December with the lowest amount of stolen funds recorded for the year. Blockchain security firm CertiK reported that losses to crypto exploits, hacks, and scams in December stood at $28.6 million, which is a large decrease from the $63.8 million in November and $115.8 million in October. A CertiK spokesperson believes this drop was due to a decline in major incidents involving losses of $100 million or more.

Payza Founder Gets More Jail Time for Hiding Bitcoin

Meanwhile, a US judge sentenced Canadian crypto payments app founder Firoz Patel to an additional three and a half years in prison after he tried to conceal 450 Bitcoin he was ordered to forfeit after his conviction on money laundering charges. Washington, DC, federal court judge Dabney Friedrich handed down the 41-month sentence after Patel pleaded guilty to one count of obstruction of an official proceeding in September. This was according to a statement from the Department of Justice that was released on Feb. 6.

Patel was initially sentenced in 2020 to three years in prison and two years of supervised release after pleading guilty to conspiracy to operate an unlicensed money-transmitting business and to launder money through his company Payza. Prosecutors accused Payza of processing crypto transactions in the US without a license and facilitating illicit financial activities, including money laundering, Ponzi schemes, and pyramid scams. As part of his 2020 sentencing, Patel was ordered to disclose and forfeit any assets that he obtained through Payza, but he claimed to possess only $30,000 in a retirement account.

Press release (Source: US Attorney’s Office)

Shortly after his initial sentencing, but before reporting to prison, Patel tried to gather and move Payza’s Bitcoin holdings. At first, he deposited the funds on Binance, but the exchange flagged and subsequently closed his account in April of 2021. He then created an account at Blockchain.com in his father’s name and attempted to transfer the Bitcoin there, but the exchange also flagged the transaction and froze the funds. In response to this, Patel directed a Payza business associate to provide fake identification to the exchange in an attempt to unfreeze the assets.

While serving his prison sentence, Patel became aware that authorities were investigating the concealed 450 BTC and hatched a plan to evade further prosecution. As his release date approached, he hired someone to impersonate a lawyer to mislead prosecutors long enough for him to be freed, after which he planned to flee the US to avoid additional legal consequences. However, investigators uncovered the scheme and indicted him again before his release.

In addition to his extended prison term, Judge Friedrich ordered Patel to serve three years of supervised release and forfeit over $24 million, along with the 450 Bitcoin that is currently still held by Blockchain.com.