Concerns regarding wallet UX and address poisoning scams have come back to the forefront after a phishing attempt stole $264,000 in Wrapped Bitcoin from Phantom Chat.
After an investor lost around $264,000 worth of Wrapped Bitcoin in what authorities described as a phishing attempt made possible via address poisoning, researchers are looking into a built-in messaging feature in the Phantom crypto wallet.
ZachXBT, a blockchain researcher, found proof that a victim lost 3.5 Wrapped Bitcoin (wBTC) in a suspected phishing attack connected to Phantom Chat.
The data shows that on Wednesday, 3.5 WBTC was sent from address 0x85c to address 0x4b7. Nansen, a blockchain intelligence platform, calls this address a “high balance” address. Address poisoning is a phishing tactic that leverages users’ transaction history instead of acquiring their private keys. The way the transactions happen works with this strategy.
Scammers get people to send crypto to illegal wallets by initially sending them modest amounts of money and hoping that the victims will copy and paste the attacker’s address from their history.
Community criticism highlights wallet UX concerns
ZachXBT told Phantom to improve its user interface, saying that the messenger feature was a “new way for people to get drained” and warning that the app’s user interface didn’t filter out spam transactions to keep users from falling for address poisoning scams.
User Kill4h also said that the messenger feature led to two address poisoning attempts, and he shared a screenshot of two blockchain transactions valued $136 and $101 in USDC USDC$1, respectively.
The events are the most recent reminders of how crucial it is for investors’ safety that crypto wallets are straightforward to use.
Industry response and calls for additional protections
In December 2025, an investor lost $50 million in an address poisoning scam. Since then, well-known players in the crypto world, such Binance co-founder Changpeng Zhao, have called for better wallet security to stop phishing scams.All wallets should only check to see whether the address they are sending to is a “poison address” and then stop the user. In a blog post from December, Zhao wrote, “This is a blockchain query,” and then added, “Lastly, wallets shouldn’t even show these spam transactions anywhere.” Just filter it out if the tx is worth a little.
Phantom says that to avoid common crypto scams, users should presume that any unsolicited tokens or NFTs sent to their wallets are part of a fraud. They also say that users should never click on links in paid Google search results or social media platforms that promise free airdrops.
On December 23, Phantom said that its live chat option would be available on all tokens, perpetual futures, and forecasts pages.
Experts urge improved on-chain security practices
Hacken’s Extractor team, a security company, said that while spam filtering in crypto apps can lower the risk of address poisoning attacks, users need to avoid copying wallet addresses from their transaction history.
Deddy Lavid, the CEO of blockchain cybersecurity company Cyvers, told Cointelegraph that better transaction practices can help avoid these kinds of scams, but the crypto industry has to be warned ahead of time about poisoning assaults.To effectively keep users safe, there needs to be address similarity identification, risk checks before transactions, and unambiguous warnings before they sign.
The CEO claimed that users can also choose wallets that offer “firewall-style security simulation” in real time, which illustrates how a transaction would happen before it happens.
The Rabby Wallet, Zengo Wallet, and Phantom Wallet are all examples of wallets that have mechanisms that can stop bad transactions before they are approved.