By James Davis
Following the recent high-profile NFT exploit that targeted Proof founder Kevin Rose, crypto Twitter started to highlight the security advantages of non-custodial wallets. Rose, who is the creator behind Moonbirds, a top NFT project, was a victim of a phishing attack on Wednesday.
The Hacker sent the Proof founder a message that granted them access to his wallet. The attacker would later make away with over 40 digital assets, including a valuable Autoglyphs NFT worth about $490,000 as of this writing.
After Rose revealed the exploit on his Twitter account, another Twitter user responded to the tweet claiming that Phantom, a Solana-based wallet, had cautioned its users of the same malicious website that attacked him. The wallet developer has since blocked it.
How Phantom Wallet Blocks Malicious Transactions
Phantom has a mobile app and a browser extension that users can use to buy or transfer their NFT collection, just like Metamask. The wallet founder Francesco Agosti says that initially, they manually did certain forms of blocking, but the process is getting increasingly automated over time.
Phantom reported on Wednesday that so far, it has scanned more than 80 million transactions and managed to block about 18,000 suspicious transactions. Agosti emphasized the importance of keeping up with the attackers, who tend to come up with new strategies every day.
However, the Phantom wallet founder acknowledged that Rose’s issue was different. The Proof founder signed a message and not a transaction. Currently, Phantom does not scan messages, but Agosti says the firm is considering scanning them soon.
What’s a Phishing Attack?
Phishing is the leading form of online attacks. Such scams can come through text, email, or social media. For example, a few days ago, the Robinhood exchange’s Twitter account got compromised by attackers who initiated a phishing attack impersonating the famous trading platform.
Phishing attacks usually request users to respond, regardless of the transmission method. In most cases, the attackers would want you to reply to a text message or click a link connecting you to a scam website. Agosti says since all devices connected to the internet are potential targets, his wallet is always ready.