Your Phantom wallet is secured by your recovery method. That is the information that proves ownership of your wallet and lets you restore access if you lose your device.
Every wallet uses a public and private key pair. Your public key is your wallet address. It is visible on the blockchain and safe to share. Your private key authorizes transactions and proves ownership of your funds. It should never be shared.
It is practically impossible to derive your private key from your public address. That is why your funds remain secure even though your address is public.
Your recovery method gives you access to your wallet's private keys. In Phantom, that recovery method is either a Secret Recovery Phrase or a Google or Apple account with a PIN.
Warning: Never share your Secret Recovery Phrase or private key with anyone, including Phantom Support. Anyone with access to either can fully control your wallet.
Recovery phrase wallets
A recovery phrase wallet is secured by a Secret Recovery Phrase, which is a unique sequence of 12 words linked to your wallet on the blockchain.
The recovery phrase cannot be changed. If you lose it, access to your wallet and funds cannot be restored.
Anyone with your recovery phrase can fully control your wallet. Never share it with anyone, including Phantom Support. Only enter it when restoring a wallet.
Email wallets
You can also create a wallet using your Google or Apple account, secured with a four-digit PIN.
This wallet is still self-custodial. Phantom does not have access to your private keys or your funds. To restore the wallet, you need both your Google or Apple account and your PIN. Neither one alone is enough.
Your wallet also has a 12-word Secret Recovery Phrase that you can export as an additional backup. Store it in a secure, offline location.
Do not share your PIN with anyone. If you lose access to both your PIN and your recovery phrase, your funds cannot be restored.
Device-level protections
On mobile, your wallet is protected by your device's authentication, such as Face ID or fingerprint. In the browser extension, your wallet is protected by a password.
These protections secure access on your device. They do not replace your recovery method.
Built-in protections
Phantom includes features designed to help reduce common security risks:
- Transaction previews show details about what you are about to sign and flag suspicious activity before you approve it.
- Scam and spam protection lets you report, hide, or burn unwanted tokens and NFTs.
- A blocklist warns you before interacting with known malicious sites and domains.
These features help reduce risk, but they do not replace careful review of every site, signature request, and transaction.
The most important thing to know
Phantom is a self-custodial wallet. That means you are responsible for protecting your recovery method and carefully reviewing every transaction you sign.
Transactions on the blockchain cannot be reversed. Lost credentials cannot be recovered. Phantom Support cannot restore access to your wallet or reverse transactions.