Crypto wallet app Phantom introduced support for "Sign In With" (SIW) standards to improve user security and protect against phishing attacks.
Phantom will provide users with necessary information when they interact with decentralized apps (dApps) that adopt certain security standards for Solana and Ethereum crypto users, including Sign In With X (CAIP-122) and Sign In With Ethereum (EIP-4361), according to a blog post published yesterday.
These standards help crypto accounts to securely authenticate with off-chain services by signing a message. The new feature is an optional addition to Phantom's suite of security services and is up to the discretion of dApps.
If a dApp implements a SIW format but has invalid fields, Phantom will issue a warning to users. The wallet will display pop-up fields that provide information such as the domain name of the site and nonce, to prevent signature replay attacks. Such attacks can happen when an attacker intercepts a digital signature and then uses it to gain unauthorized access. Digital signatures are used to verify the authenticity of transactions and messages, but if an attacker is able to capture one, they can bypass the authentication process and potentially access sensitive data or steal assets.
The move is in response to increasing concern over the vulnerability of generic sign-in messages, which can be intercepted by phishing attacks. The "Sign In With" standards are intended to eliminate the uncertainty in determining whether a user is at risk of such phishing attempts. Phantom believes that, eventually, the decentralized web ecosystem will fully adopt SIW standards as a chain-agnostic solution for generic sign-in messages and as an alternative to centralized identity providers.
Developed by a group of Ethereum creators who also built the decentralized exchange 0x, Phantom is the most widely used wallet on the Solana blockchain. In November, it expanded its reach across two blockchains, Ethereum and Polygon.
© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.