Phantom Wallet

The Phantom Wallet is a desktop browser add-on that allows you to keep track of your Solana assets. It’s widely used in the Solana ecosystem, with numerous dapps opting for it as a choice for wallet connections. Is the Phantom Wallet safe to use? Is it worthwhile? Let’s have a look.

Software Interface Review

The Phantom Wallet download link is at Phantom.app, the official website for the wallet. The desktop-only extension is available for installation from the link labeled “Add to [Browser].” It’s compatible with Chrome, Brave, Firefox, and Edge. The link and button label will differ based on the browser you’re using. After you install it, a ghost-like symbol appears on your browser. You can use the icon just like any other browser add-on. 

There are five icons at the bottom of the interface and a hamburger menu at the top-left. The bottom icons show your balance, your NFT collection, a DEX interface, recent transaction activities, and settings. The top menu allows you to manage your wallet connections.

Opinion

The interface is easy to navigate. You can handle your finances, examine your Solana NFT collection, and use the basic DEX interface without getting lost. If you’ve ever experienced the SolFlare UI, the Phantom Wallet appears very familiar. As an end-user, one minor adjustment would be to label the icons to better assist crypto novices.

Activate and Setup Review

When I first open the Phantom Wallet, the onboarding procedure begins. I only have two options: to create a new wallet or enter my recovery phrase. I choose to create a new wallet. The app displays a 24-word mnemonic phrase in a pop-up, allowing me to copy it to my clipboard. After clicking the blue button (“OK, I saved it somewhere”), I’m prompted to create a password. After skipping through more prompts, the main user interface appears, showing a zero-balance wallet.

I have a Ledger hardware device. Is it possible to connect it instead of entering my mnemonic phrase? I can choose three additional wallet functions on the left-hand menu: create a new wallet, import an existing wallet, or connect it to a Ledger Nano hardware device. The “create a new wallet” option generates a different public address. The “import an existing wallet” option prompts me to enter a private key string. The “connect hardware wallet” option pings my Ledger Nano and configures the Phantom Wallet to utilize my device.

Opinion

Activating the Phantom Wallet is easy. However, it’s not as intuitive to set up a hardware wallet connection. The option isn’t displayed or alluded to during the onboarding process, and the choice is only located in the main menu after you’ve completed the installation. To find it, you must know to look within the menu. I’ve used the SolFlare wallet before, so I know where to look for it, but I think it should be more obvious and accessible from the beginning. 

Transaction Review

The Phantom Wallet allows a person to initiate transactions and swap Solana tokens. Click either button in the central dashboard area to send or receive funds. Then choose the coin or token for the transaction. The public address and QR code will be given to you when you choose to receive funds. When sending assets, the amount to send must first be specified, after which a box will appear where you can sign the transaction. If a hardware connection exists, the wallet will look for the Ledger Nano device. If you use the browser extension as a hot wallet, you’ll be asked to enter your password. Similarly, when a swap happens in the wallet app, you must sign the transaction on the Ledger Nano device or enter the password. 

Other dapp interfaces may use the Phantom Wallet to sign transactions. I’ve used the wallet to approve fund transfers on Solana DEXs. First, you’ll need to allow a dapp to communicate with the Phantom Wallet (which usually incurs no fees). You can then move on to completing an operation inside the wallet.

Opinion

Transactions are easy to start and operate in the same way as other wallets. Using a hardware signature adds another layer of protection, but only if you connect to the wallet using a Ledger Nano (see the following section for more on security). The Phantom Wallet has a few features that make life easier, such as a DEX for swapping Solana and SPL coins, but you can only trade six tokens – three of which are Ethereum-based (USDT, USDC, and Wrapped Ethereum). 

However, the absence of error notifications is a significant drawback. I was conducting a transaction, and the Phantom Wallet kept crashing. I was reminded of a similar experience when Metamask alerted me to the need for “Blind signing” on the Ledger device, which I found in Solana’s setting on the device. The transaction was able to continue after I enabled it. A novice could lack this knowledge and spend a significant amount of time figuring out the problem. I believe that improved error reporting would make the Phantom Wallet more helpful. 

Security Review

The Phantom Wallet has a few security features to safeguard your assets from thieves. To access the primary user interface, you must enter a password, and dapps may be restricted to performing specific tasks. If you want to use your Ledger Nano instead of entering your private key directly, you can employ device signing to allow transactions.

The Phantom Wallet’s best feature is that it is self-custodial: unless you’re using a hardware device, private key data is kept on your computer rather than on a third-party server. Although this gives the browser wallet a safety advantage over online wallets, it has the same level of exposure as any other hot wallet. If a person hacks your computer, they might be able to crack your password and access your funds. Plus, there does not appear to be a maximum login attempt limit in the browser wallet.

Kudelski Security conducted a security audit (at the behest of Phantom Wallet’s creator) and discovered a moderate security issue. The wallet’s public address may be replaced with another one in the interface without notice. It’s a problem that any locally hosted wallet software can face. The Phantom Wallet, however, does not verify generated public addresses. Here’s the exact quote from the audit report: “The wallet address is available in storage even while the wallet is locked. This weakness makes it possible for a malicious user to replace the wallet address.” This finding does not make the browser plugin less safe than other wallets, but it does mean you should keep track of your public address and check that the one displayed stays consistent. You might reduce your exposure by not mixing your browsers: use one browser to surf the web and another for conducting cryptocurrency transactions.
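As an added example (not Phantom’s code and not taken from the audit report), the check below shows what verifying a cached address on unlock can look like: the address is re-derived from the decrypted Ed25519 key and compared with the stored copy. The storage object and function names are hypothetical, and it uses Node.js’s built-in crypto module.

```javascript
// Added example: hypothetical storage layout and names, not Phantom's implementation.
const crypto = require('node:crypto');

const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

// Base58 (Bitcoin alphabet) encoding, as used for Solana addresses.
function base58Encode(bytes) {
  let n = BigInt('0x' + (Buffer.from(bytes).toString('hex') || '0'));
  let out = '';
  while (n > 0n) {
    out = ALPHABET[Number(n % 58n)] + out;
    n /= 58n;
  }
  // Each leading zero byte is encoded as a leading '1'.
  for (const b of bytes) {
    if (b !== 0) break;
    out = '1' + out;
  }
  return out;
}

// A Solana address is the Base58 form of the 32-byte Ed25519 public key.
function addressFromPrivateKey(privateKey) {
  const pub = crypto.createPublicKey(privateKey);
  const spki = pub.export({ format: 'der', type: 'spki' });
  return base58Encode(spki.subarray(spki.length - 32)); // raw key = last 32 bytes
}

// On unlock: trust only the address re-derived from the decrypted key.
function verifyCachedAddress(privateKey, cachedAddress) {
  const derived = addressFromPrivateKey(privateKey);
  return { ok: derived === cachedAddress, derived };
}

// Constructed sample: fresh key pairs and a hypothetical plaintext cache entry.
function demo() {
  const { privateKey } = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519').privateKey;
  const store = { cachedAddress: addressFromPrivateKey(privateKey) };
  const clean = verifyCachedAddress(privateKey, store.cachedAddress).ok;
  store.cachedAddress = addressFromPrivateKey(other); // cache no longer matches key
  const tampered = verifyCachedAddress(privateKey, store.cachedAddress).ok;
  return { clean, tampered };
}

console.log(demo());
```

When the check fails, the wallet should display the derived address and discard the cached one.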

Opinion

Despite the security firm’s audit finding, the Phantom Wallet appears safe enough to safeguard your funds. It’s refreshing to see a wallet creator engage a security firm for an examination. Hopefully, they’ll address the moderate security issue discovered in the audit.

Supported Coins

The Phantom Wallet supports the SOL coin and SPL tokens. Its native DEX interface lets you swap the most popular Solana tokens, three of which are well-known Ethereum-based tokens (USDT, USDC, and Wrapped Ethereum). You can also manage your NFT collection within the wallet’s interface.

Overall Opinion

The Phantom Wallet is well-liked in the Solana community, and I have no doubt why. Its interface is easy to navigate. There are several security components to safeguard your assets, such as the ability to link your Ledger Nano. You can interact with the wallet for most dapps, and you may remove a dapp’s permission at any time. You should make sure that your web browser is safe from hacking, and you might want to isolate the wallet when you’re browsing the Internet. Your web browser might be a weak point, and if it’s compromised, your wallet becomes vulnerable to theft.