The scammers reportedly sent consumers a new security update to Solana Phantom assuring them that it would provide additional protection.
However, law enforcement installed password-stealing malware through defunct NFTs and used it to drain cryptocurrency from affected wallets.
Another trick in space
A recent monitoring revealed that the program started two weeks ago when NFTs named “PHANTOMUPDATE.COM” or “UPDATEPHANTOM.COM” reached some Phantom users. Upon opening, they were advised to click the attached link or visit a website to download and install the latest security upgrade.
“Phantom requires all users to update their wallets. This should be done as quickly as possible. Failure to do so may result in money loss due to the Solana network being exploited by hackers. Please visit www.updatePhantom.com for the latest security update.”
Once they choose one of the two options, victims automatically download a batch file named “Phantom_Update_2022-10-08.bat”. Accepting the terms led users to another file called windll32.exe. However, according to VirusTotal’s cybersecurity platform, this feature is a password-stealing malicious program that tries to drain browser information, including history, passwords, and cookies.
The main purpose of the hackers was to use passwords and steal digital assets from the cryptocurrency wallets of the victims.
Individuals who installed the malicious file should scan their computers with an antivirus and then transfer their holdings from their existing Phantom wallet to a new wallet. Changing passwords on all cryptocurrency-related sites is also essential.
Having a unique password for each site might be the best idea as it prevents credentials from leaking between different databases.
Solana’s fake wallet turned into a unicorn
Despite the aforementioned scam, 2022 was a very successful year for Solana-based cryptocurrency wallet Phantom.
Eight months ago, it raised $109 million to raise funds led by Canadian investment firm Paradigm and American venture capital firm Andreessen Horowitz (a16z), after which its market valuation reached $1.2 billion.
“The Phantom team is honored to work with these incredible partners and their confidence in carrying out our vision of bringing Web3 to the wider world. The explosive adoption of NFTs and DeFi has clearly underlined the tremendous role cryptocurrency wallets play in providing a secure, fun and easy-to-use user experience,” he said. Description of the project at the time.
This spring, Solana-based wallet released an Android mobile app, which means users can manage crypto and NFTs on any smartphone running this operating system. Prior to that, Phantom introduced the service on iOS.
The post that hackers using fake Solana Phantom updates to steal Crypto (report) first appeared on CryptoPotato.