3 hours ago
6
TLDR:
- New Phantom Chat feature expands wallet social tools while unresolved address poisoning risks remain active.
- ZachXBT linked a recent 3.5 WBTC loss to spam transactions that copied trusted wallet address patterns.
- Address poisoning exploits wallet history displays and can mislead users during routine transfers.
- Social wallet features may increase exposure to scams if interface protections remain unchanged.
Phantom has announced plans to launch a new social feature called Phantom Chat in 2026. The update aims to transform the Solana wallet into a messaging and discussion hub.
Soon after the reveal, security concerns surfaced about unresolved wallet vulnerabilities. The warnings focus on address poisoning and the risk of user fund losses.
Phantom Chat feature raises address poisoning concerns
Wu Blockchain reported that Phantom unveiled Phantom Chat as part of its long-term product roadmap.
Phantom announced the launch of Phantom Chat, positioning it as a new social feature planned for 2026. On-chain investigator ZachXBT warned that the feature could become a new entry point for asset theft, noting that Phantom has yet to address the issue of "address poisoning". He…
— Wu Blockchain (@WuBlockchain) February 10, 2026
The wallet compared its vision to Telegram groups and X communities for crypto discussions. Mockup images showed emoji-based group chats designed for real-time interaction.
Phantom already introduced live chat features through its prediction markets integration with Kalshi in December 2025. The new roadmap suggests a broader move toward social tools inside the wallet. The platform currently serves more than 15 million users across its ecosystem.
On-chain investigator ZachXBT responded to the announcement, warning about unresolved address-poisoning risks. He stated that Phantom still does not filter spam transactions from user histories. This allows look-alike addresses to appear among legitimate transaction records.
According to ZachXBT, one user lost 3.5 WBTC last week after copying the wrong address from recent activity.
He traced the theft to a transaction created through spam records that mimicked the first characters of a trusted wallet address. He shared the wallet and transaction hashes publicly to document the incident.
So a new method for people to get drained.
Please consider fixing address poisoning first.
A victim lost 3.5 WBTC last week since your UI still does not filter out spam txns users so they accidentally copied the wrong address from recent transactions since the first… pic.twitter.com/lid7ATYEvl
— ZachXBT (@zachxbt) February 10, 2026
Security risks emerge as Phantom expands wallet social tools
Address poisoning occurs when attackers send small transactions from deceptive addresses. These addresses resemble legitimate ones and appear in wallet histories. Users who copy them may unknowingly send funds to attackers.
ZachXBT argued that adding social features without fixing this issue could widen the attack surface.
He warned that chat-based activity could increase exposure to malicious links and fake addresses. His comments focused on user interface design rather than blockchain flaws.
Phantom’s announcement attracted heavy engagement from memecoin promoters and trading communities. Replies included promotional messages tied to new tokens and groups. This activity highlighted the potential for spam to blend with legitimate discussions.
Wu Blockchain noted that Phantom Chat positions the wallet as a crypto super app combining trading, social interaction, and market sentiment. The move follows a broader trend of wallets adding communication tools.
Security researchers have stressed that transaction filtering and address verification remain essential for user protection.
English (US) ·