Phantom’s New Chat Feature Raises Security Concerns

In Brief

• Phantom plans to launch an in-wallet chat feature.
• Security expert warns it could amplify address poisoning risks.
• Stronger protections are urged before rollout.

Phantom has announced Phantom Chat, a new in-wallet social feature planned for 2026. Though the addition aims to expand user interaction inside the wallet, it has already sparked security concerns from on-chain investigators.

Notably, digital scam investigator ZachXBT replied to Phantom’s announcement in a comment on February 10, warning that the blockchain platform’s ambitions may introduce a new attack surface unless a long-standing issue of address poisoning is tackled first.

What Is Address Poisoning, And Why It Matters

Address poisoning is a scam technique where attackers send tiny ‘spam’ transactions to a user’s cryptocurrency wallet from look-alike addresses that closely resemble legitimate ones.

When users later copy addresses from their transaction history without careful filtering, they may accidentally paste the attacker’s address instead of the intended recipient.

According to ZachXBT, Phantom’s interface still doesn’t sufficiently filter these spam transactions. As a result, users scrolling through recent activity may see multiple nearly identical addresses, increasing the risk of copying the wrong one.

Furthermore, ZachXBT stressed that a user lost 3.5 WBTC the week before, after mistakenly copying a poisoned address from their transaction history. The theft occurred because the wallet UI displayed spam transfers prominently, making the fraudulent address appear trustworthy.

So a new method for people to get drained.

Please consider fixing address poisoning first.

A victim lost 3.5 WBTC last week since your UI still does not filter out spam txns users so they accidentally copied the wrong address from recent transactions since the first… pic.twitter.com/lid7ATYEvl

— ZachXBT (@zachxbt) February 10, 2026

Why Phantom Chat Raises New Concerns

The developers designed Phantom Chat to enable direct communication between wallet addresses. Though this may improve coordination and social interaction, critics argue it could also amplify address-backed scams.

Chat messages, combined with unfiltered transaction histories, could reinforce false trust signals, especially for less experienced users. If scammers can pair chat interactions with poisoned addresses already present in a wallet’s activity feed, the likelihood of accidental fund transfers rises sharply.

ZachXBT summarized the risk bluntly, calling it “a new method for people to get drained” unless the developers implement address poisoning protections first.

What Users Should Watch For

Phantom hasn’t yet announced specific mitigation measures ahead of the Chat rollout. Until then, ZachXBT advises users to avoid copying addresses from transaction history, manually verify full addresses before sending funds, and use address books or ENS-style naming where possible.

As wallets evolve beyond storage into social and communication hubs, UI-level security choices are becoming just as important as smart contract audits. Phantom Chat may be innovative, but without stronger protections, critics warn it could turn convenience into costly mistakes.