Phantom unveils Chat for 2026, but address poisoning scams drain wallets. User lost 3.5 WBTC last week. ZachXBT warns wallet’s not fixing the issue.
Phantom’s gonna launch Chat in 2026. Sounds exciting, right? But there’s a problem that’s way worse.
The wallet just teased its new feature. According to Phantom on X, they’re rolling out Chat this year. They said, “2024: Telegram, 2025: X communities, 2026: PHANTOM CHAT.”
2024: Telegram
2025: X communities
2026: PHANTOM CHAT pic.twitter.com/K7jxQfu1lM
— Phantom (@phantom) February 9, 2026
Source: Phantom
People seemed hyped about it. New social features always get attention. But one security researcher wasn’t impressed at all.
Your Wallet’s Biggest Threat Right Now
ZachXBT didn’t hold back his criticism. The on-chain investigator called out Phantom pretty hard.
According to ZachXBT on X, there’s “a new method for people to get drained.” He told Phantom to “please consider fixing address poisoning first.”
So a new method for people to get drained.
Please consider fixing address poisoning first.
A victim lost 3.5 WBTC last week since your UI still does not filter out spam txns users so they accidentally copied the wrong address from recent transactions since the first… pic.twitter.com/lid7ATYEvl
— ZachXBT (@zachxbt) February 10, 2026
Source: Zachxbt
A user lost 3.5 WBTC last week. That’s a massive hit for anyone holding crypto. The theft happened through address poisoning, ZachXBT said.
The victim copied what looked like their address. But it wasn’t theirs at all. The UI didn’t filter spam transactions properly.
How This Scam Actually Works
Address poisoning’s kinda sneaky, honestly. Scammers send tiny amounts to your wallet. These transactions create fake addresses in your history.
The fake addresses look real at first glance. The first few characters match your real address. Last characters match too sometimes.
Users check their transaction history later. They see what looks like their address. Copy it without checking the middle part.
Money goes to the scammer’s wallet instead. It’s gone before you realize the mistake. No way to get it back either.
ZachXBT shared the theft details publicly. The stolen funds went to address 0x85cBe4af7167887839f27A759EED03E7Af11D8f6. Transaction hash was 0x9f0fc3cd380fcde7cd7f0b1d8a646021841b211b784ac00c8ed9d4e267a647a4.
Phantom’s UI still shows these spam transactions. That’s the core problem ZachXBT’s pointing out. Users can’t tell real from fake easily.
Stop Getting Poisoned – Do This Now
Don’t copy addresses from transaction history ever. Use your address book or saved contacts. Double-check every single character before sending.
Verify the entire address, not just the start. Middle characters matter just as much. One wrong letter sends funds to scammers.
Send small test amounts first, always. Wait for confirmation before big transfers. Costs more in fees but saves fortunes.
Use hardware wallets when you can. They show full addresses on the device. Makes verification way easier and safer.
Some wallets filter spam transactions automatically. Phantom doesn’t do this yet, apparently. That’s what ZachXBT’s calling them out for.
The researcher thinks Chat’s premature right now. Security issues need fixing before new features. Makes sense when people’re losing Bitcoin weekly.
Phantom hasn’t responded to ZachXBT’s criticism yet. They’re probably gonna address it soon though. Community pressure builds fast in the crypto space.
Address poisoning attacks keep growing this year. More wallets need better spam filtering. Users gotta stay alert till that happens.
