TechFlow reports that on February 12, 23pds, Chief Information Security Officer at SlowMist Technology, issued a warning about a potential security vulnerability in the latest version of the Phantom wallet. Victims have explained the risks associated with Phantom Profile: when users import a recovery phrase from an unknown source, if that recovery phrase is already linked to a Phantom Profile, the wallet will automatically log into that account system, putting users' assets at risk of theft.
According to victim accounts, when users who haven't previously enabled Phantom Profile import such a recovery phrase, the wallet automatically logs into a pre-configured attacker's account system instead of merely importing a single wallet address. Because the latest version of Phantom uses a Unified Profile System, this action grants attackers associated device permissions, allowing them to monitor the user's subsequent deposit activities and carry out cryptocurrency theft.
Reminder: Never import recovery phrases from unknown sources. Users are advised to use a brand-new device when importing a new wallet to avoid compromising their primary assets.




