Key takeaways
- Assume any unsolicited token or NFT in your wallet is a scam, especially those offering something for free.
- Never click on links in paid google results, social posts, replies, or messages to access an app or airdrop.
- Use Phantom to safely access apps and airdrops that are verified and safe.
- Never give out your private key or secret recovery phrase!
With the increasing number of tokens, apps, and airdrops, there’s also a rise in scams aiming to steal them. It appears that almost every other day, there's a new story of someone being fooled into believing they've won a prize or used a legitimate app, only to discover they were on a malicious site and signed a transaction that emptied their wallet’s funds.
At Phantom, we’ve developed industry-leading technology and organizational security practices to help protect you, but it’s important to understand what popular scams look like today, so you can better protect yourself.
Here’s a list of the most common crypto scams to look out for, and solutions on how to avoid them.
Common crypto scams
Fake giveaways and airdrops
This scam promises you free tokens or NFTs to bait you into clicking a malicious link. Once you click the link, which is usually found in a spam NFT or fake ad, it directs you to a malicious website to connect your wallet or approve a transaction. If you do, it’ll drain your wallet.
⚠️ Assume any unsolicited NFT in your wallet is a scam and never click links in them.
✅ Use trusted banners or verified apps in Phantom to access apps and airdrops.
Customer support imposters
This involves scammers pretending to be a customer support representative, or another user, to trick you into providing sensitive information. Often, they provide a fake email address or link to a website where they ask you to divulge your seed phrase or sign a malicious transaction. Why? To drain your wallet.
⚠️ Never follow links from unsolicited support messages.
✅ You can safely access our Support team by opening your Phantom wallet and going to Settings > Help & Support > Start a chat > Submit a ticket.
Hacked or fake social media accounts
Sometimes sophisticated hackers impersonate users or gain control of the official social media accounts of brands that you follow. When they do, they often post links to fake airdrops, allow lists, or giveaways. If you’re not careful, you may think it’s legitimate and click through to connect your wallet. If you do, they’ll drain your wallet.
⚠️ Never click on links to airdrops or giveaways in any social media post.
✅ Use trusted banners or verified apps in Phantom to access apps and airdrops.
Deceptive messages and links in Discord, Telegram, and Twitter
Scammers often disguise themselves as members of an NFT community, crypto company, or even, your friend group. When they do, they’ll likely send you a direct message offering help or support in exchange for money or sensitive information, such as your seed phrase. Don’t fall for it. They’re trying to get your money, assets, or both.
⚠️ Never click on links in private messages on Discord, Telegram, or Twitter, even if you believe you know the person.
✅ Safely search and visit apps in Phantom.
Scam social media ads
Scammers create ads on social networks like X and YouTube to advertise fake airdrops and giveaways. Like the other scams, these ads lead to malicious website where you’ll be asked to connect your wallet and/or sign malicious transactions or messages. Don’t. If you do, they’ll drain your wallet.
It’s also important to note that these scams have become increasingly sophisticated, going as far as cloning websites and using artificial intelligence (AI) to impersonate crypto founders.
⚠️ Never click on links to apps, giveaways, or airdrops in paid social media ads.
✅ Use trusted banners or verified apps in Phantom to access airdrops.
Scam Google ads
Scammers pay for sponsored Google ads pretending to be official projects. These ads often show a project’s official URL, but then redirects you to a scam site with an unofficial URL—that closely mirrors the real one. When you connect your wallet to the fake site and sign a transaction, your wallet is drained.
⚠️ Never visit apps or airdrops from paid Google search results!
✅ Safely search and visit apps in Phantom
How Phantom protects you
Now that you’ve learned how to identify the most common crypto scams, here are some of the everyday Phantom security features that help keep you safe.
Better spam detection
We make it easy to avoid spam. Using a combination of third-party verifications, machine learning models, SimpleHash spam scores, and user feedback, we automatically detect and remove spam from your wallet.
- We auto-detect and hide spam NFTs and their media.
- We automatically hide all fungible tokens that have an URL in the name.
- If a user reports a token or NFT as spam, it’s automatically hidden from the wallet.
Phantom Explore
Phantom Explore makes discovering and using your favorite apps safe and easy. Rather than worrying about clicking on malicious sites and links, you’re shown official websites and vetted apps. This allows you to discover, search, bookmark, and connect to apps with peace of mind.
Report as Spam
Our community helps make Phantom safer for everyone. Whenever you, and others, report spam right from the NFT, you not only protect yourself, but others as well.
How to report spam NFTs:
- Select the ellipsis icon on any unwanted NFT
- Select “Report as Spam and Hide”
That’s it. The spam NFT will be reported and moved to the Hidden folder.
As you report spam, our filters will learn how to identify and filter them to prevent future ones from reaching you.
Burn spam NFTs
This feature allows for the manual removal of unwanted spam NFTs.
How to remove spam NFTs:
- Select the NFT you want to burn in the Collectibles tab
- Select the Burn Token function located in the top-right ellipsis menu
Once you burn an NFT, the token will be permanently removed from your wallet and you’ll receive a bit of SOL that served as the "rent" for storage.
Note: It’s never dangerous to burn spam NFTs.
Transaction Previews
You can think of Transaction Previews as a firewall that identifies malicious transactions and warns you before you approve them. Every Phantom wallet utilizes Transaction Previews, which is powered by Blowfish, a company we incubated right here at Phantom.
Transaction Previews protects you against all kinds of attacks (phishing, dapp-level DNS hijacking, software supply chain attacks, and more) and empowers you with real-time warnings and human-readable transaction context.
Open-source blocklist
We’ve created an open-source and community-maintained blocklist of malicious domains that we block you from connecting to by accident.
Whenever we discover a malicious token or NFT, we add its contract address and domain to the block list, which hides the NFT from your wallet and creates a warning if you try to connect to the malicious site.
Shortcuts
Rather than scour Google and Twitter for your NFT collections’ official links, you can access them from the NFT in your Phantom wallet. With one click, you can pull up a menu with all the top links and actions for your NFT. Plus, these links are added by the project itself so you can feel confident that it came from a trusted source.
Summary
As web3 becomes more popular, it not only attracts new excited users, but scammers as well. These bad actors try to take advantage of you through an array of common crypto scams, such as fake giveaways and airdrops, spam NFTs, scams ads, and more. But we're here to protect you. By practicing these security best practices, and using Phantom, you can avoid these common crypto scams and navigate web3 safely and easily.
