After the latest high-profile NFT hack, this time taking down tech entrepreneur Kevin Rose, the security advantages of self-custody wallets were making the rounds on Crypto Twitter again.
On Wednesday, the creator of Proof and the Moonbirds NFT project was the victim of a phishing attack after the scammer sent Rose a message that leveraged permissions that he'd already granted to his MetaMask wallet on the OpenSea marketplace. When that message was signed, the thief used those privileges to drain over 40 NFTs, including an Autoglyphs NFT worth almost $500,000, from his wallet.
A tweet responding to Rose pointed out that the popular Solana cryptocurrency wallet, Phantom, had warned its users of a malicious website and blocked the website that had snared Rose. The wallet developer responded, “we got your back.”
Like MetaMask, Phantom has a browser and mobile app that users can use to buy or send their favorite NFT collections.
We got your back 🤝 https://t.co/8ZGPj4o2r6
— Phantom (@phantom) January 25, 2023
“We’ve always done certain forms of blocking—initially manually through an open source blocklist, and then getting more automated and sophisticated over time,” Francesco Agosti, Phantom co-founder and CTO, told Decrypt via direct message. “You need to keep up with scammers, who are coming up with new strategies all the time, to be effective.”
In a blog post on Wednesday, Phantom addressed the issue of phishing and scams, saying that the wallet has scanned over 85 million transactions and blocked over 18,000 wallet-draining transactions.
Agosti says Phantom uses manual and automated systems to keep its website blocklist up to date, and the company proactively blocks sites in which it finds suspicious characteristics.
Agosti acknowledged that the issue that hit Rose yesterday was that he signed a message, not a transaction. Phantom currently doesn’t scan messages, but Agosti said the company is working on scanning them in a future release.
“You don’t have to change any settings; it’s all on by default,” he said. “You probably won’t notice it when using safe dApps, but it activates when you visit a website or try to submit a transaction we think is malicious.”

Phishing is one of the most common forms of online attacks. These scams can come via email, social media, or text. On Wednesday, the Twitter account of the Robinhood exchange was compromised by hackers who launched a phishing attack impersonating the popular trading platform.
Regardless of the method of transmission, phishing scams ask users to respond in some way, either by replying to a text message or clicking a link that connects the users to a malicious website. And while any device linked to the internet is a potential target, Agosti says the Phantom wallet comes ready.
“Phishing is pretty constant—perhaps growing overall as more users enter the space and the opportunity becomes more attractive. In terms of actual scams—that fluctuates. Usually, what happens is that things are fairly stable for a while, and then scammers discover a new strategy that works really well, and then the number of scams spikes as the ecosystem adapts to that new strategy. Kind of like an immune system,” he said.
Decrypt reached out to the creators of MetaMask, but has yet to receive a response.