Phantom offers a suite of industry-leading security features and a dedicated support team to help keep users safe. That said, security starts with you. Here are a few things you can do to help keep your Phantom wallet secure:
- Never share your secret recovery phrase! This includes support staff or websites you are interacting with. The phrase is only needed to restore your wallet, for eg. if your device is lost or damaged.
- Secure your Operating system:
- Use a very strong password for Phantom
- Enable auto-lockout timer under Settings > Security & Privacy
- Avoid certain file types entirely, especially from unknown sources (eg. from email or surfing the web).
- Never interact with unsolicited tokens / NFTs. Scammers send "airdropped" tokens, hoping a user will visit their site and interact with their Dapp which then withdraws funds from a wallet.
- Read our transaction simulation messages. We offer a simple message that states what a transaction will do. If the transaction simulation does not do what you expect, or it the simulation fails, do not proceed!
- Only visit trusted, reputable Dapps and sites. New sites that show up one day and disappear the next are high risk for phishing users.
- Use two wallet accounts, the first for everyday web3 interactions, the 2nd account for storage purposes only. The 2nd wallet should only send/receive with the first wallet. To do this, simply click the hamburger icon on Phantom, then click + then click Create a wallet.
- Use a hardware wallet such as a Ledger device. Store your most valuable digital assets on the Ledger device, and only interact with Web3 solutions
- Periodically take time to revoke access to your wallets on Ethereum, and Solana.
If you have any questions or concerns related to the best practices suggested above, or are unsure if a site you are wanting to visit/interact with is safe, please do NOT proceed. Reach out to our support team first and we'll be happy to assist!