Phantom #1: Is it a good wallet?
Protocol review of Phantom, a self-custodial wallet that started on Solana
The demand for safe, user-friendly wallets has never been higher as the market for virtual currencies keeps growing. Phantom provides easy management of digital assets across multiple blockchains with reportedly 15 million monthly active users according to its latest Sui integration announcement. What makes it stand out among dozens of self-custodial wallets in the market? Let’s find out.
Starting out as a Solana-only wallet in 2021, Phantom offers high-speed and low-fee capabilities powered by the Solana blockchain. It appeals to both new and seasoned cryptocurrency users looking for fast and cheap transactions. As Solana became more widely adopted with over 74 million monthly active wallet addresses, Phantom grew into a household name in Web3.
Since then, Phantom has expanded to support Sui, Ethereum, Polygon, Base, and Bitcoin as of February 2025. This makes Phantom a competitive self-custodial wallet that shines even among the likes of MetaMask, Trust Wallet, and Solflare.
We believe that Phantom’s popularity among Web3 users comes from its comprehensive features, user-friendly interface, and strong security. In this article we will evaluate what Phantom offers and how it stacks up against other top wallets.
Feature review
As with many other wallets, Phantom offers standard features that allow users to manage their digital assets. Let’s follow a typical user journey to see how that works.
Phantom offers both browser extensions (Chrome, Firefox, Brave, Edge) and mobile apps on both iOS and Android. This allows users to easily get started regardless of which ecosystem they are using today. It also means users can manage their assets whether they are at home or on the go. We like the flexibility it offers, as it means users can access their funds even when they are away from their desktop.
Once the installation is complete, users can either create a new wallet or import an existing one. While this is standard among wallets, we are glad to see how many options are available to users. Users can choose to create a new wallet with email (social login for the win!) or a traditional seed phrase wallet. For those who already have a wallet, Phantom accommodates not only private keys and recovery phrases but also social login wallets and hardware wallets.
After setting up the wallet, users can start onramping (i.e. transferring money from fiat to digital currency). Phantom integrated with Meld in 2024 to offer users multiple channels to bring their capital on-chain. Meld aggregates various onramp providers such as Unlimit and Transak for users, so that users can make informed decisions based on fees and pay-in methods from bank transfers to Apple or Google Pay.
Once the money is on-chain, Phantom allows users to swap it into different digital currencies. Whether it is buying Solana tokens, transferring to another stablecoin, directly staking native tokens, or purchasing Non-Fungible Tokens (NFT)––Phantom gives users the ability to do so within the app. As it now supports multiple chains, users can also bridge assets and manage a cross-chain portfolio with ease.
While some of these are standard offerings in wallets, we particularly enjoy the wide variety of integrations Phantom offers for different needs. For example, Phantom integrates with Jupiter, a swap aggregator and perp trading platform, for those into decentralized finance (DeFi). Users experimenting with liquid staking can use Lido, Jito, or Rocket Pool. NFT traders can tap into Magic Eden, Rarible, Blur, Tensor, and more marketplaces. Despite its Solana roots, there are also plenty of options on the other chains it supports.
The development team has continued to engage with its community through regular updates, support, and feedback on their GitHub help support. The community-driven approach helps the development team understand first-hand what matters the most, building trust with end users and ecosystem developers alike.
Despite its many features, Phantom users are still limited to only six blockchains. This means users who want to explore other Ethereum-based Layer-2 or new Layer-1 chains may need to switch to other wallets. In a world where new blockchains are launched frequently, this could pose some challenges for users to use Phantom as their primary wallet.
While our experience using Phantom has been smooth, other users have reported slow responses and NFT display issues. With that said, the widespread adoption of Phantom Wallet emphasises how its comprehensive feature set has worked for a wide user base. Continuous integrations, community involvement, and ongoing development also keep users engaged despite its limited chain support.
User Experience
In our experience, Phantom provides a straightforward user experience, making it suitable for both inexperienced and seasoned cryptocurrency users.
Signing up is simple even if we opt for a recovery phrase, which arguably has more friction than a social login. The 4-step sign-up process took us less than a minute to complete.
Once we have a new wallet, the user interface prompts us to create a new username unique to our own wallet. It allows users to send funds to each other with usernames without having to copy-paste the long wallet addresses.
After setting up the username, Phantom UI prompts us to onramp or deposit crypto to get started. Such “tutorials” are particularly useful for new-to-crypto users who may otherwise be lost in what to do.
One thing we notice is that our new account automatically generates a set of 3 wallet addresses: 1 for Solana, 1 for EVM (Ethereum, Base, and Polygon) and 1 for Bitcoin. With another click we can generate a new account with a new set of wallet addresses for 5 chains.
This covers all chains supported by Phantom except for Sui – we are unsure why a Sui address is not automatically generated. Nonetheless we are glad to see how users can tap into multiple ecosystems immediately with wallet addresses at the ready.
Our own user experience echoes other online reviews that praised its clean and minimalistic design. The wallet provides a straightforward onboarding process, ensuring accessibility for newcomers while maintaining advanced functionalities for seasoned users. Its intuitive navigation allows for smooth token swaps, staking, and NFT management without unnecessary complexity.
Security
No one likes losing money. That’s why security is the most important factor when considering which wallet to use.
Throughout the last few years of Phantom operations, we found 2 particular reports related to Phantom users. Let us be clear – neither incident was found to be caused by the Phantom development team. Nonetheless we believe it’s important for potential users to be aware of risks associated with using a self-custodial wallet such as Phantom.
The first incident, reported by Check Point Research, was a massive phishing campaign targeting users of Phantom, MetaMask, and PancakeSwap in 2021. Phishing sites under domain names such as “phanton.app” lured unaware users into importing their wallet’s recovery phrase, allowing attackers to gain control of their wallets. It resulted in the loss of over half a million US dollars. It was challenging for users to identify the phishing sites, as they not only imitated the official domains but also bought Google AdWords to place themselves at the very top of search results. Phantom has stepped up its game in fighting phishing since then.
The second incident was reported by CoinDesk. This incident led to a loss of millions across 9,000 wallets. Phantom Wallet claims it was not compromised in this hack. It states that the attack was limited to users who imported existing wallets that were created by or once used Slope, another wallet provider, where the vulnerability was exploited by the hackers. Phantom has also implemented a number of security features after this incident:
Transaction previews enabled by Blowfish (now acquired by Phantom), which serves as a firewall against malicious transactions, shielding customers from supply chain threats, phishing, and DNS hijacking.
Open-source, daily-updated blocklist of more than 2,000 unsafe domains to stop users from visiting fraudulent websites. The blocklist is available on GitHub and is open to community contributions.
Two-Factor Authentication (2FA) for enhanced security of user accounts, with fingerprint or facial recognition for additional protection on mobile.
Continuous updates with security patches to address new vulnerabilities.
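To make the blocklist and the “phanton.app” lookalike problem concrete, here is an added example (not Phantom's code) of how a wallet extension could classify a URL before the user lands on it. It assumes phantom.app is the official domain; the function names, the one-edit threshold, and the single blocklist entry are constructed for illustration.

```javascript
// Added example with constructed data; names here are hypothetical.
const PROTECTED = ["phantom.app"];          // assumed official domain
const BLOCKLIST = new Set(["phanton.app"]); // lookalike named in the article
const MAX_DISTANCE = 1; // edits tolerated before a label stops resembling the brand

// Levenshtein edit distance using a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Returns "allow", "blocked" (on the list) or "lookalike" (warn the user).
function classifyUrl(url) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return "blocked"; // unparseable input is never treated as safe
  }
  const labels = host.split(".");
  // Check the host and each parent domain, so subdomains inherit the verdict.
  for (let i = 0; i < labels.length - 1; i++) {
    const suffix = labels.slice(i).join(".");
    if (PROTECTED.includes(suffix)) return "allow";
    if (BLOCKLIST.has(suffix)) return "blocked";
  }
  // Neither official nor listed: flag labels equal to, or one edit from, the brand.
  for (const official of PROTECTED) {
    const brand = official.split(".")[0];
    if (labels.some((l) => editDistance(l, brand) <= MAX_DISTANCE)) return "lookalike";
  }
  return "allow";
}
```

The edit-distance check catches lookalikes that have not reached the blocklist yet, and it also flags the brand name used as a subdomain of an unrelated site.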
Despite these safeguards, the security incidents serve as a warning. When using a self-custodial wallet, users must be cautious in exposing their private keys or recovery phrases––as that is all it takes for someone else to access your funds.
The Slope hack occurred because its mobile app transmitted recovery phrases to a centralized server for app monitoring. Although the transfer was protected with Transport Layer Security (TLS), the phrases were stored in plain text on the server, leaving them unencrypted and vulnerable. Attackers who gained access to the server could easily retrieve the recovery phrases, derive private keys, and steal funds from affected wallets. This breach underscores the importance of securing private keys properly.
Self-custodial wallets set up with a conventional seed phrase model put the onus of security on users. Although it is common practice to create a wallet with a 12- or 24-word seed phrase, users face significant challenges in safeguarding it. They must either write it down or save it digitally, both of which carry the danger of the phrase being lost or stolen.
Alternative authentication techniques are becoming more popular in light of these difficulties. While Multi-Party Computation (MPC) with Threshold Signature Schemes (TSS) improves security by distributing keys over multiple devices, WebAuthn (or Passkeys) provides a more approachable and password-less method. This improves security without requiring users to use a hardware wallet such as Ledger, which means purchasing a separate device and carrying it with them. The security and usability of self-custodial wallets could be greatly enhanced by a move toward more robust and user-friendly wallet creation techniques.
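The practical lesson from the Slope incident is that monitoring data has to be scrubbed on the device, before it is sent anywhere. The following is an added example (not Slope's or Phantom's code) of such a scrubber; it relies on the fact that BIP-39 English words are 3 to 8 letters long and treats any run of 12 or more such words as a possible recovery phrase. The function name, key pattern, and sample event are constructed.

```javascript
// Added example; the phrase below is constructed and is not a real wallet phrase.
const PHRASE =
  "maple river stone cloud ember pilot grain lunar topaz cedar flint haven";

const SECRET_KEY = /mnemonic|seed|secret|private.?key|recovery/i;
const WORD_RE = /^[a-z]{3,8}$/i;
// 12 or more short words separated by whitespace or commas.
const RUN_RE = /\b[a-z]{3,8}(?:[\s,]+[a-z]{3,8}){11,}\b/gi;
const REDACTED = "[REDACTED]";

// Recursively removes phrase-like content from a telemetry event.
function scrub(value, key = "") {
  // Fields whose name suggests key material are dropped regardless of content.
  if (SECRET_KEY.test(key)) return REDACTED;
  if (typeof value === "string") return value.replace(RUN_RE, REDACTED);
  if (Array.isArray(value)) {
    // A phrase kept as an array of words would slip past the string check.
    const allWords = value.every((v) => typeof v === "string" && WORD_RE.test(v));
    if (allWords && value.length >= 12) return REDACTED;
    return value.map((v) => scrub(v));
  }
  if (value && typeof value === "object") {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, scrub(v, k)])
    );
  }
  return value;
}

// Constructed event resembling an error report from a wallet import screen.
const sampleEvent = {
  type: "wallet_import_failed",
  message: `import failed for input: ${PHRASE} (checksum)`,
  context: { mnemonic: PHRASE, words: PHRASE.split(" "), screen: "import" },
};
```

The heuristic deliberately fails closed: an innocent run of twelve short words is redacted as well, which is an acceptable cost for monitoring data.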
How Phantom compares against other wallets
Before wrapping up this review, we are going to compare Phantom against other widely used wallets especially within the Solana ecosystem.
We selected MetaMask, Trust Wallet, and Solflare as benchmarks given their diverse features and widespread use within the crypto community. We also omitted some standard features in the comparison as they are commonly available in all wallets.
To learn more about these other wallets:
MetaMask was established in 2016 and is one of the most widely used self-custodial wallets, particularly within the Ethereum ecosystem.
Trust Wallet was introduced in 2017 and boasts over 60 million downloads and millions of monthly active users.
Solflare was launched in 2020 and is considered the first wallet built for the Solana ecosystem.
Conclusion
Phantom’s comprehensive features, user experience, and security practices make it stand out in the cryptocurrency community. Strong security features like transaction previews, blocklists of harmful domains, biometric security, and two-factor authentication (2FA) help users safeguard their funds. Nevertheless, its self-custodial nature means users need to be vigilant in protecting their private key.
Now that we’ve got a clearer picture of what Phantom Wallet offers, we’ll dive deeper into its user adoption and business model in… right here ⬇️
Phantom – Part 2: User Adoption & Business Model