The latest version of Phantom Wallet may have security vulnerabilities, users should be aware of the risks

23pds, the Chief Information Security Officer of SlowMist Technology, issued a warning that the latest version of the Phantom wallet may have security vulnerabilities. Victims have explained the risk of Phantom Profile: when users import mnemonic phrases from unknown sources, if the mnemonic phrase is already associated with Phantom Profile, the wallet will automatically log into that account system, putting the user's assets at risk of being stolen.

According to the victim's description, when users who have not enabled Phantom Profile import such mnemonic phrases, the wallet will automatically log into the attacker's account system that was pre-set, rather than just importing a single wallet address. As the latest version of Phantom uses a unified account system (Unified Profile System), this operation will give the attacker the associated permissions of the user's device, thereby monitoring the user's subsequent deposit behavior and implementing coin theft.

Reminder: Never import mnemonic phrases from unknown sources under any circumstances. It is recommended that users use a brand new device when importing a new wallet to avoid damage to their main assets.