Scam Sniffer posted a warning on X on Feb. 6 that scammers are connecting to real Phantom wallets and trying to trick users with fake "update extension" signature requests, and if victims approve the request, a prompt appears asking them to enter a seed phrase that, if entered, gives scammers full access to the wallet to steal. In late January, Scam Sniffer warned Phantom users about pop-ups on malicious websites that mimicked Phantom's interface appearance and prompted the user to enter a wallet seed phrase to make a fake connection request. To identify malicious pop-ups, Scam Sniffer recommends right-clicking on links, as "phishing pages prevent right-clicking", while a real Phantom wallet window does not restrict the action.