The Internet reported that Scam Sniffer issued a warning on X on February 6 that the scammer was connecting to the real Phantom wallet and trying to deceive users through a false "update extension" signature request. If the victim approved the request, a prompt would appear, asking them to enter a seed phrase. If this phrase was entered, the scammer could completely enter the wallet and swipe it. In late January, Scam Sniffer warned Phantom users about pop-up windows on malicious websites that mimic the appearance of Phantom's interface and prompted users to enter wallet seed phrases to make fake connection requests. To identify malicious pop-ups, Scam Sniffer recommends right-clicking on the link because "phishing web pages prevent right-clicking" and the real Phantom wallet window does not restrict that action.