Security tips for Phantom users

Before you start buying, swapping, or exploring crypto on Phantom, there are a few important things to understand about how your wallet works and how to keep your funds safe.

This guide covers what to watch out for, what Phantom does to protect you, and the steps you can take to stay secure.

You are in full control of your wallet

Phantom is a self-custodial wallet. This means only you have access to your funds. Phantom cannot move your money, freeze your account, or recover your funds if something goes wrong.

This is different from a bank or a traditional financial app since transactions cannot be reversed. Once funds leave your wallet, they are gone.

Understanding this upfront is one of the most important things you can do to protect yourself.

Transactions are permanent

Every transaction on the blockchain is permanent and irreversible. Once you send funds or approve a transaction, there is no undo button. Phantom cannot reverse it. No one can.

This is why it is so important to pause and verify before you approve anything. A few extra seconds of caution can prevent permanent loss.

Avoid common scams

Scammers rely on urgency, impersonation, and confusion. Here's what to watch out for:

  • Someone claiming to be Phantom Support reaching out to help you. Phantom will never contact you first. Do not respond, click any links, or follow any instructions.
  • Messages on social media platforms or email asking you to verify your wallet or claim a reward. Ignore these and do not click any links.
  • Tokens appearing in your wallet with instructions to visit an external site. Do not click anything or interact with the token. Hide and report it in Phantom.
  • Anyone asking for your Secret Recovery Phrase for any reason. No legitimate person or platform will ever ask for this. Do not share it under any circumstances.
  • Links asking you to connect your wallet to claim tokens, receive airdrops, or unlock rewards. Do not connect your wallet to any site you did not seek out yourself.
  • Before sending funds, always verify the full wallet address. Avoid copying addresses from transaction history.
  • Impersonation sites and fake apps exist. Only download Phantom from the official App Store, Google Play, or phantom.com. Never install anything from a link someone sends you.
  • If someone gives you a recovery phrase and asks you to import it, do not. Wallets set up this way are controlled by the person who gave you the phrase.

See Common token scams, Common NFT scams, and Understanding token security signals for more detail.

Protect your wallet

Never share your recovery phrase

Wallets are controlled by a unique set of 12 words in a specific order, known as a Secret Recovery Phrase. This phrase is the master key to your wallet. Anyone who has it has full and permanent access to your funds.

A few simple rules to follow:

  • Write it down on paper and store it somewhere safe offline
  • Never store it in a notes app, photo, email, or cloud storage
  • Never enter your Secret Recovery Phrase into any website
  • Never share it with anyone, not a friend, not a support agent, not anyone claiming to be from Phantom

Phantom Support will never ask for your Secret Recovery Phrase. Ever. If anyone asks for it, they are attempting to steal your funds.

Never share your PIN

If you created your wallet with a Google or Apple account, your four-digit PIN is part of your recovery process. Treat it the same way you would treat your recovery phrase. Never share it with anyone, including Phantom Support.

Secure your device

  • Keep your OS and apps updated
  • Use a strong, unique password for Phantom
  • Install antivirus and anti-malware protection
  • Avoid downloading unknown files or browser extensions, and never interact with suspicious links

Enable auto-lock

Set Phantom to lock automatically when not in use. Go to Settings > Security & Privacy > Require authentication (mobile app) or Auto-Lock Timer (browser extension), and set it to Immediately.

Review transaction previews

Phantom simulates every transaction before you sign and shows a plain-language preview of what will happen. If something looks suspicious, you will see a warning. Always read these warnings before proceeding.

Hide and report spam

Never interact with NFTs or tokens you didn't expect to receive. Report and hide them directly in Phantom to remove them from view and help improve detection for everyone.

Use trusted apps

Only connect to reputable, verified sites. Use the Explore tab in Phantom to find apps you can trust. Be especially careful with links sent over DMs or found in comment sections.

Go further

Use separate accounts

Keep one account for long-term holding and another for interactions with apps. That way, if something goes wrong in an app, your main holdings are unaffected. See Manage your accounts in Phantom.

Use a hardware wallet

For high-value assets, a hardware wallet like Ledger adds an extra layer of protection by keeping your private keys offline.

Revoke token approvals

Periodically review and revoke token permissions on Ethereum and Solana to limit exposure from past app interactions. See Tools to help you avoid crypto scams.

Verify contract addresses

Before swapping, sending, or buying a token, check its contract address to confirm you are looking at the right one. See Check a token's contract address before you interact with it.

Important: Phantom Support will never message you on Discord, X, Telegram, or other chat apps. The only ways to contact us are listed in Get help from Phantom.
