ZachXBT Flags Phantom Chat Risk: Wallet Flaws Could Drain Funds

Key Highlights
- ZachXBT flags potential security risks in Phantom Chat before its 2026 rollout.
- A user recently lost 3.5 WBTC due to address poisoning in Phantom’s wallet interface.
- Experts warn new social features could increase vulnerabilities if core wallet issues remain unresolved.
Phantom, which operates a self-custodial crypto wallet, plans to launch a social feature called Phantom Chat in 2026. The announcement comes as crypto wallets face increased scrutiny over security and user protection, amid regulatory action and a rise in wallet-related scams.
Security researchers say the timing is concerning, warning that unresolved design issues in Phantom’s wallet could lead to further user losses before new features are introduced.
Address poisoning remains unaddressed, says ZachXBT
On-chain investigator ZachXBT warned that Phantom still does not adequately filter spam transactions, making users vulnerable to address poisoning attacks.
In these scams, attackers send small transactions from addresses that visually resemble legitimate ones. When users later copy an address from their recent transaction list, they may unknowingly select the attacker’s address instead.
ZachXBT wrote: “So a new method for people to get drained. Please consider fixing address poisoning first.
A victim lost 3.5 WBTC last week since your UI still does not filter out spam txns users, so they accidentally copied the wrong address from recent transactions since the first characters looked similar.”
3.5 WBTC loss highlights real-world impact
According to the disclosure, a user lost 3.5 WBTC in a recent incident tied to this issue.
The theft address was: 0x85cBe4af7167887839f27A759EED03E7Af11D8f6
The transaction hash was:
0x9f0fc3cd380fcde7cd7f0b1d8a646021841b211b784ac00c8ed9d4e267a647a4
The incident highlights how easily users can make costly errors when spam transactions are left mixed in with legitimate activity, especially in wallets where recent transaction history is commonly used to copy addresses.
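As an added illustration (not code from Phantom, ZachXBT or this article), the sketch below shows one way a wallet's history view could keep lookalike senders out of the list of addresses offered for copying. The addresses, the function names and the four-character comparison window are constructed assumptions, and the check keys on resemblance to an address the user has already paid rather than on the transfer amount.

```javascript
// Added example. Every address below is constructed, not real on-chain data.
const WINDOW = 4; // hex chars compared at each end (assumed truncated display)
const norm = (addr) => addr.toLowerCase().replace(/^0x/, "");

// True when two different addresses share the leading or trailing characters
// a user would glance at in a shortened "0x3f5c...9e2b" style display.
function looksAlike(a, b) {
  const x = norm(a), y = norm(b);
  if (x === y) return false;
  return x.slice(0, WINDOW) === y.slice(0, WINDOW) ||
         x.slice(-WINDOW) === y.slice(-WINDOW);
}

// Walk the history oldest-first. Addresses the user has paid become trusted;
// any other counterparty that resembles a trusted one is marked as spam.
function classifyHistory(history, myAddress) {
  const me = norm(myAddress);
  const trusted = new Set();
  return history.map((tx) => {
    const outgoing = norm(tx.from) === me;
    const other = norm(outgoing ? tx.to : tx.from);
    const twin = trusted.has(other) ? undefined
      : [...trusted].find((t) => looksAlike(other, t));
    if (twin) return { ...tx, spam: true, reason: `resembles 0x${twin}` };
    if (outgoing) trusted.add(other);
    return { ...tx, spam: false, reason: null };
  });
}

// Addresses the UI may offer for copying: counterparties of non-spam entries.
function copyableAddresses(history, myAddress) {
  const me = norm(myAddress);
  const out = new Set();
  for (const tx of classifyHistory(history, myAddress)) {
    if (!tx.spam) out.add(norm(tx.from) === me ? tx.to : tx.from);
  }
  return [...out];
}

const ME = "0xc0de" + "0".repeat(32) + "f00d";
const EXCHANGE = "0x3F5c" + "1".repeat(32) + "9e2B"; // paid by the user
const LOOKALIKE = "0x3f5C" + "7".repeat(32) + "9E2b"; // same ends, other case
const FRIEND = "0xb81d" + "2".repeat(32) + "04aa";
const SAMPLE_HISTORY = [
  { from: ME, to: EXCHANGE, value: "1.0" },
  { from: LOOKALIKE, to: ME, value: "0.00001" },
  { from: FRIEND, to: ME, value: "0.2" },
  { from: ME, to: FRIEND, value: "0.2" },
];
```

Because the comparison is case-insensitive, a lookalike that differs only in checksum capitalisation at the matching ends is still caught, and an outgoing transfer to a flagged address is marked as well, which is the point at which a send-time warning would apply.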
Phantom has not yet shared technical details about how Phantom Chat will function. However, wallet-based social or messaging tools have historically introduced new risks when basic protections are lacking. Messaging layers can be exploited for phishing attempts, impersonation, or scam coordination if users cannot clearly verify who they are interacting with or where funds are being sent.
For users, the issue is straightforward. Each added feature creates another point where mistakes or manipulation can occur, particularly if existing weaknesses remain unresolved.
Why this matters to users
For everyday wallet users, this is not a product update story — it is a funds-at-risk story. Wallet interfaces are often the final line of defense between users and irreversible on-chain transactions. If basic safeguards fail, new social layers may increase confusion rather than safety.
Address poisoning scams, in particular, do not rely on technical exploits. They rely on normal user behavior: copying an address from transaction history and assuming it is correct.
Broader context: Wallet UX is now a security issue
As crypto wallets add more features beyond basic storage and transfers, interface design is no longer just about appearance. Investigators and regulators have repeatedly linked unclear or cluttered wallet interfaces to avoidable user losses, particularly among retail traders.
In this context, unresolved UX flaws are no longer minor issues — they can have direct financial consequences.
Phantom serves millions of users across multiple chains, which makes unresolved address poisoning risks materially significant — not theoretical.
At the time of publication, Phantom had not publicly responded to ZachXBT’s warning or clarified whether address poisoning protections would be addressed ahead of Phantom Chat’s release.
Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.