Phantom wallet adds authentication standards support to protect against phishing

Crypto Ecosystems • February 10, 2023, 8:56AM EST
theblock

Quick Take

  • Phantom crypto wallet has added support for “Sign In With” standards for Web3 authentication.
  • The standards are aimed to enhance users’ security in interactions with dApps and protect users from phishing attacks.

Crypto wallet app Phantom introduced support for "Sign In With" (SIW) standards to improve user security and protect against phishing attacks. 

Phantom will provide users with necessary information when they interact with decentralized apps (dApps) that adopt certain security standards for Solana and Ethereum crypto users, including Sign In With X (CAIP-122) and Sign In With Ethereum (EIP-4361), according to a blog post published yesterday. 

These standards help crypto accounts to securely authenticate with off-chain services by signing a message. The new feature is an optional addition to Phantom's suite of security services and is up to the discretion of dApps.

If a dApp implements a SIW format but has invalid fields, Phantom will issue a warning to users. The wallet will display pop-up fields that provide information such as the domain name of the site and nonce, to prevent signature replay attacks. Such attacks can happen when an attacker intercepts a digital signature and then uses it to gain unauthorized access. Digital signatures are used to verify the authenticity of transactions and messages, but if an attacker is able to capture one, they can bypass the authentication process and potentially access sensitive data or steal assets.

Phishing concern

The move is in response to increasing concern over the vulnerability of generic sign-in messages, which can be intercepted by phishing attacks. The "Sign In With" standards are intended to eliminate the uncertainty in determining whether a user is at risk of such phishing attempts. Phantom believes that, eventually, the decentralized web ecosystem will fully adopt SIW standards as a chain-agnostic solution for generic sign-in messages and as an alternative to centralized identity providers.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Developed by a group of Ethereum creators who also built the decentralized exchange 0x, Phantom is the most widely used wallet on the Solana blockchain. In November, it expanded its reach across two blockchains, Ethereum and Polygon.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Andrew Rummer at
[email protected]

More by Vishal Chawla