ZachXBT Exposes Flaw After 3.5 WBTC Theft
On February 10, 2026, prominent on-chain investigator ZachXBT issued a public warning regarding a significant security vulnerability in the Phantom wallet's chat feature. The alert followed a recent incident where a user lost 3.5 Wrapped Bitcoin (WBTC) through an "address poisoning" scam. This attack method involves an attacker sending a tiny transaction from a wallet address that closely mimics a legitimate one. The fraudulent address then appears in the user's transaction history, tricking them into mistakenly sending funds to the attacker in a subsequent transaction.
Scam Questions In-Wallet Social Feature Security
The theft underscores the inherent security risks of integrating social communication tools directly into cryptocurrency wallets. While intended to improve user experience, features like Phantom Chat can expand the attack surface for malicious actors. This event will likely pressure the Phantom team to issue a formal response and a security update to address the vulnerability. More broadly, the incident serves as a cautionary tale for the digital asset industry, highlighting how adding social layers to financial applications can erode user trust and necessitate more stringent security measures, potentially affecting sentiment around the wallet's host ecosystem, Solana.
