Phantom Wallet Claims It Thwarted Over 18K Attacks

Jason Nelson January 27, 2023
Updated 2023/01/27 at 6:26 AM

After the latest high-profile NFT hack, this time taking down tech entrepreneur Kevin Rose, the security advantages of self-custody wallets were making the rounds on Crypto Twitter again.

On Wednesday, the creator of Proof and the Moonbirds NFT project was the victim of a phishing attack after the scammer sent Rose a message that leveraged permissions that he’d already granted to his MetaMask wallet on the OpenSea marketplace. When that message was signed, the thief used those privileges to drain over 40 NFTs, including an Autoglyphs NFT worth almost $500,000, from his wallet.

A tweet responding to Rose pointed out that the popular Solana cryptocurrency wallet, Phantom, had warned its users of a malicious website and blocked the website that had snared Rose. The wallet developer responded, “we got your back.”

Like MetaMask, Phantom has a browser and mobile app that users can use to buy or send their favorite NFT collections.

“We’ve always done certain forms of blocking—initially manually through an open source blocklist, and then getting more automated and sophisticated over time,” Francesco Agosti, Phantom co-founder and CTO, told Decrypt via direct message. “You need to keep up with scammers, who are coming up with new strategies all the time, to be effective.”

In a blog post on Wednesday, Phantom addressed the issue of phishing and scams, saying that the wallet has scanned over 85 million transactions and blocked over 18,000 wallet-draining transactions.

Agosti says Phantom uses manual and automated systems to keep its website blocklist up to date, and the company proactively blocks sites in which it finds suspicious characteristics.

Agosti acknowledged that the issue that hit Rose yesterday was that he signed a message, not a transaction. Phantom currently doesn’t scan messages, but Agosti said the company is working on scanning them in a future release.

“You don’t have to change any settings; it’s all on by default,” he said. “You probably won’t notice it when using safe dApps, but it activates when you visit a website or try to submit a transaction we think is malicious.”

Phishing is one of the most common forms of online attacks. These scams can come via email, social media, or text. On Wednesday, the Twitter account of the Robinhood exchange was compromised by hackers who launched a phishing attack impersonating the popular trading platform.

Regardless of the method of transmission, phishing scams ask users to respond in some way, either by replying to a text message or clicking a link that connects the users to a malicious website. And while any device linked to the internet is a potential target, Agosti says the Phantom wallet comes ready.

“Phishing is pretty constant—perhaps growing overall as more users enter the space and the opportunity becomes more attractive. In terms of actual scams—that fluctuates. Usually, what happens is that things are fairly stable for a while, and then scammers discover a new strategy that works really well, and then the number of scams spikes as the ecosystem adapts to that new strategy. Kind of like an immune system,” he said.

Decrypt reached out to the creators of MetaMask, but has yet to receive a response.

