ZachXBT flags Phantom chat risk, urges spam filters

Security researchers are examining Phantom wallet’s chat feature after a user lost $264,000 worth of Wrapped Bitcoin in a suspected address poisoning attack linked to the messenger. The loss equals 3.5 wBTC.

Blockchain investigator ZachXBT shared on-chain data showing 3.5 wBTC moving from address 0x85c to 0x4b7 on Wednesday. The receiving wallet is flagged as a high-balance account on analytics platform Nansen. The pattern aligns with address poisoning, where scammers seed a wallet’s history with small or lookalike transfers so victims later copy an attacker’s address by mistake.

ZachXBT connected the incident to Phantom Chat and urged the company to harden the interface. He called the messenger a “new method for people to get drained” and warned that failure to hide spam-like activity can expose users to address confusion.

An X user posting as Kill4h reported two address poisoning attempts allegedly linked to the chat feature, sharing screenshots of transfers worth $136 and $101 in USDC. The small amounts match the seeding tactic used to clutter transaction histories.

Phantom advises users to treat unsolicited tokens or NFTs as scams and to avoid clicking links in paid search results or social media posts that promise airdrops. The company rolled out its live chat on Dec. 23 across tokens, perpetual futures and predictions pages.

Address poisoning has drawn wider attention after high-value thefts. In December 2025, an investor lost about $50 million in such a scheme, prompting Binance co-founder Changpeng Zhao to press wallet developers for basic protections. “All wallets should simply check if a receiving address is a ‘poison address’ and block the user. This is a blockchain query,” he wrote in a December post. “Wallets should not even display these spam transactions anywhere. If the value of the tx is small, just filter it out.”

Researchers point to several mitigations, including hiding tiny unsolicited transfers, flagging addresses that appear only in low-value inbound activity, and prompting users to verify recipients through address books, QR codes or previously approved contracts.

Wrapped Bitcoin is a tokenized version of Bitcoin used on other blockchains. Because these transfers are irreversible and rely on exact wallet addresses, clear interface design and fraud warnings can help prevent user mistakes that attackers exploit.

As we covered previously, crypto losses from hacks and scams jumped to about $370.3 million in January, the highest monthly total in roughly 11 months, with attackers relying more on phishing and social engineering than technical exploits, CertiK reported.

Forty incidents were logged, but one social engineering case made up about $284 million, taken from a single victim. The figures highlight how “offchain” compromise-through identity, device, or workflow failures when keys or approvals are exposed-can quickly drain “onchain” funds.