Phantom Wallet, a Solana wallet built for Decentralized Finance (DeFi) and Non-Fungible Tokens (NFTs) has initiated standards to shield users from attack and enhance Web3.0 authentication.
According to the announcement, the self-custodial wallet has adopted a total of three “Sign In With” (SIW) standards. The first is Sign In With X (CAIP-122), the second is Sign In With Ethereum (EIP-4361), and the third is Sign In With Solana (EIP-4361 extension).
Unlike the vulnerabilities of one domain impersonating another in the generic sign-in messages, the SIW standards (CAIP-122 or EIP-4361) assist in validating users’ message fields at the time of their signing in. Information on the fields includes the site’s domain, the time at which the message was issued, and a nonce used to prevent signature replay attacks.
Phantom wallet introduces new layers of security
All of this extra security work by the browser-based wallet to initiate SIW standards helps to forestall any form of mishap that may arise in the nearest future. Also, it will assist to stop bad actors from intercepting generic sign-in messages and acting as users to have access to their personal information and email addresses.
Although these standards have not been fully adopted as it is in process, Phantom believes that with time the ecosystem at large will fully embrace the SIW standards as a solution to generic sign-in messages. Note that most of the Phantom users won’t be able to have access to these great features except if a decentralized application (dApp) decided to choose one of the SIW formats. Until then, the generic message sign-in remains the same.
However, if the SIW format is opted for, a signature request will be presented to users to approve upon signing in. If the reverse is the case and one of the domains or addresses doesn’t match the user’s details, Phantom will issue a warning to avoid users from falling victim to the bad guys.
As reported by TheCoinRise last year, multiple wallets were compromised on the Solana blockchain network, but the Phantom team came out to recuse itself saying investigations have not revealed that any of its systems were compromised. The team also noted that some of its users who were affected by the attack were as a result of importing their wallet or keyphrases from non-phantom wallet platforms.
Floppypepe ($FPPE) is your ticket to the moon. Escape the ordinary and reach for lunar gains with this AI meme token. Secure your spot now before it's too late.
Join Now