If you see this warning, Phantom has detected that the Solana account you're viewing may be controlled by a scammer or malicious program.
"This account might be malicious. Do not send or deposit funds into it. Please proceed with caution."
If an account is malicious, you may still see a balance in Phantom, but you might not be able to move the funds. Any new deposits to that address may be drained by the attacker.
Causes
You signed a transaction that changed account ownership
Every Solana account has an owner program. New wallets are owned by the System Program by default, which handles basic functions like SOL transfers. If you signed a malicious transaction, ownership may have been transferred to a different program—one designed to block withdrawals or drain funds.
You imported a compromised recovery phrase
If you imported a recovery phrase or private key that someone else shared with you—or that you purchased online—it may already be controlled by a scammer. This is known as a "rotten seed phrase" scam.
Check your account ownership
- Select Receive.
- Copy your Solana address.
- Go to Solscan and paste your address.
- In the More info section, find the Owner field.
- If the owner is anything other than System Program, your account may be compromised.
What to do
- Don't send funds to the flagged account.
- If you can, move any remaining funds to a different account owned by the System Program.
- If you imported a recovery phrase from someone else, stop using it and create a new wallet.
- Only interact with apps you trust.
For help moving your funds, see Move assets when you need to start over with a new wallet.