Security tips for Phantom users

Phantom has built-in tools to help keep you safe, but your wallet's security ultimately depends on you. This guide covers what to watch out for, what Phantom does to protect you, and the steps you can take to stay secure.

Before diving in, it's worth understanding how your wallet is secured and how your funds are stored. The short version: only you hold the keys, and no one, including Phantom, can recover your wallet if they're lost or compromised.

Recognize common scams

Phishing is the most common threat in crypto. Attackers use fake messages, malicious sites, and social engineering to trick you into exposing your wallet.

Deceptive messages

Scammers impersonate support staff or community moderators on Discord, X, or Telegram. They may claim they can help you and ask for your Secret Recovery Phrase, or direct you to a fake site. Phantom Support will never reach out to you in a DM, and will never ask for your Secret Recovery Phrase or prompt you to sign a transaction outside of the wallet.

Spam NFTs and fake tokens

Scammers airdrop NFTs or tokens to your wallet with messages like "Claim your reward." These links lead to malicious apps designed to drain your wallet. Don't interact with anything you didn't expect to receive.

Other scams to watch for

  • Recovery phrases from fake wallet generators that are already compromised before you use them.
  • Clipboard malware that silently swaps wallet addresses when you paste.
  • Fake devnet tokens such as "devnet SOL" used in phishing links.

See Common token scams and Common NFT scams for more detail.

Protect your wallet

Never share your recovery phrase

Your Secret Recovery Phrase gives full access to your wallet. Only enter it when restoring a wallet, and never share it with anyone, including Phantom Support. If someone has it, they own your wallet.

Never share your PIN

If you created your wallet with a Google or Apple account, your four-digit PIN is part of your recovery process. Treat it the same way you'd treat your recovery phrase. Never share it with anyone, including Phantom Support.

Secure your device

  • Keep your OS and apps updated.
  • Use a strong, unique password for Phantom.
  • Install antivirus and anti-malware protection.
  • Avoid downloading unknown files or clicking suspicious links.

Enable auto-lock

Set Phantom to lock automatically when not in use. Go to Settings > Security & Privacy > Auto-Lock.

Review transaction previews

Phantom scans every transaction before you sign and shows a human-readable preview. If something looks off, you'll see a warning. Don't dismiss warnings without reading them.

Hide and report spam

Never interact with NFTs or tokens you didn't expect to receive. Report and hide them directly in Phantom to remove them from view and help improve detection for everyone.

Use trusted apps

Only connect to reputable, verified sites. Use the Explore tab in Phantom to find apps you can trust. Be especially careful with links sent over DMs or found in comment sections. See Use the Explore tab in Phantom.

How Phantom protects you

Beyond what you do yourself, Phantom includes several layers of protection:

  • Transaction previews warn you about suspicious actions or contracts before you sign.
  • Blocklist automatically blocks known malicious domains and tokens.
  • Spam detection flags NFTs and tokens reported by the community.
  • Burn feature lets you permanently delete spam NFTs from your wallet.

Go further

Use separate accounts

Keep one account for long-term holding and another for interactions with apps. That way, if something goes wrong in an app, your main holdings are unaffected. See Manage your accounts in Phantom.

Use a hardware wallet

For high-value assets, a hardware wallet like Ledger adds an extra layer of protection by keeping your private keys offline.

Revoke token approvals

Periodically review and revoke token permissions on Ethereum and Solana to limit exposure from past app interactions. See Tools to help you avoid crypto scams.

Verify contract addresses

Before swapping, sending, or buying a token, check its contract address to confirm you're looking at the right one. See Check a token's contract address before you interact with it.
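
As an added illustration of the clipboard-swap risk and the address check described above (this is not Phantom's code), the Python example below compares a pasted Solana address with the one you intended to use. The function names and the sample address are constructed for this example, and the "lookalike" case (same first and last characters, different middle) goes slightly beyond what this article covers.

```python
# Added example (not Phantom code): check a pasted Solana address before sending.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    """Encode bytes as base58 (used here only to build a constructed sample address)."""
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * zeros + out

def b58decode(text: str) -> bytes:
    """Decode base58; raises ValueError on characters outside the alphabet (0, O, I, l)."""
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))      # leading '1' characters are zero bytes
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def is_solana_address(text: str) -> bool:
    """A Solana address is the base58 encoding of a 32-byte public key."""
    try:
        return len(b58decode(text)) == 32
    except ValueError:
        return False

def check_paste(intended: str, pasted: str, edge: int = 4) -> str:
    """Classify a pasted address as 'match', 'malformed', 'lookalike' or 'mismatch'."""
    pasted = pasted.strip()
    if not is_solana_address(pasted):
        return "malformed"
    if pasted == intended:
        return "match"
    # Same first and last characters but a different body defeats an eyeball check.
    if pasted[:edge] == intended[:edge] and pasted[-edge:] == intended[-edge:]:
        return "lookalike"
    return "mismatch"

if __name__ == "__main__":
    intended = b58encode(bytes(range(1, 33)))      # constructed sample address
    swapped = intended[:20] + ("2" if intended[20] != "2" else "3") + intended[21:]
    for label, value in [("same", intended), ("swapped", swapped), ("typo", "0OIl")]:
        print(label, check_paste(intended, value))
```

Only "match" means the pasted value is the address you meant to use; compare the whole string, not just its ends.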

Important: Phantom Support will never message you on Discord, X, Telegram, or other chat apps. The only ways to contact us are listed in Get help from Phantom.
