DEV Community

Block Experts

How I Resolved the “Malicious App” Warning on Phantom Wallet Extension

If you're building a dApp or browser extension that interacts with the Phantom Wallet and your app has been flagged as malicious, you're not alone. I got the same warning on my token manager dApp, Solana Token Manager.

I recently ran into this issue, and after some debugging and a successful resolution, I thought I’d share my experience. If you're seeing similar warnings and want to remove the "malicious app" label, here's how to go about it.


🚨 The Problem: "Malicious App" Warning

Phantom flags apps or extensions whose wallet interaction looks unsafe or suspicious. Patterns that can trigger the warning include:

  • Signing a transaction through the wallet and then broadcasting the serialized bytes yourself (signTransaction followed by sendRawTransaction).
  • Bypassing Phantom's provider API, so the wallet never sees the transaction being submitted.
  • Code that behaves the way a phishing site or wallet drainer would, even if that is unintentional.

The result is an alarming warning for your users, which harms trust and adoption.


✅ The Fix: Use signAndSendTransaction

The key is to use Phantom's provider API correctly. Instead of signing with the wallet and then broadcasting the serialized transaction yourself, like this:

// Before: the dApp receives the signed transaction and broadcasts it on its own.
const signedTransaction = await signTransaction(transaction);
const txId = await connection.sendRawTransaction(signedTransaction.serialize());
await connection.confirmTransaction(txId, 'confirmed');

switch to Phantom's recommended helper method, which signs and submits in one step so the signed transaction never passes back through your code:

// After: Phantom signs and broadcasts; the dApp only receives the signature.
const provider = getProvider(); // the injected Phantom provider (window.phantom.solana)
const { signature } = await provider.signAndSendTransaction(transaction);
// Wait for confirmation; a one-off getSignatureStatus call only reports the current state.
await connection.confirmTransaction(signature, 'confirmed');

🔒 Why this works
With signAndSendTransaction the wallet signs and broadcasts the transaction itself, which is the flow Phantom's protections are built around and what users expect from the approval prompt. When a dApp instead takes a signed transaction back, serializes it and broadcasts it on its own, that is the same sequence a wallet drainer uses, so the wallet may treat it as spoofing even when your code is harmless.

📧 Still Flagged? Request a Manual Review
If you've already made the switch but the warning persists, you can request a manual review from the Phantom team:

✉️ Email: review@phantom.com
📄 Include details like:

  • Your project name
  • GitHub or website URL
  • Code snippets showing secure API usage

✅ Checklist to Avoid Being Flagged

  • Use signAndSendTransaction instead of signTransaction plus sendRawTransaction.
  • Never modify a transaction after it has been signed; with signAndSendTransaction your code never holds the signed transaction anyway.
  • Do not inject hidden fields into transactions or overwrite the wallet provider's methods.
  • Don't request more permissions than your app needs.
  • Make your code open source if possible; it makes a manual review much easier.
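The helper below is an added example written for this post, not the author's code or Phantom's own SDK. It puts the fix from "The Fix" section and the checklist above into one function: it only accepts a provider that advertises itself as Phantom, refuses to fall back to signTransaction plus sendRawTransaction when signAndSendTransaction is missing, never touches the transaction after handing it to the wallet, waits for cluster confirmation, and turns the user's rejection of the prompt into a normal result instead of an exception. The window.phantom.solana injection point, the signAndSendTransaction method and error code 4001 come from Phantom's documentation; the function names, the fake provider and the fake connection are assumptions constructed so the code runs outside a browser.

```javascript
// Added example for this post (not the author's code and not Phantom's SDK).
// Assumed: Phantom injects its provider at window.phantom.solana, exposes
// signAndSendTransaction(transaction) and throws an error with code 4001
// when the user rejects the prompt. Everything else here is constructed.

// Only trust an object that advertises isPhantom; older code used window.solana.
function getPhantomProvider(win) {
  const candidate = win?.phantom?.solana ?? win?.solana ?? null;
  return candidate && candidate.isPhantom === true ? candidate : null;
}

// Error code Phantom returns when the user closes or rejects the approval prompt.
const USER_REJECTED_REQUEST = 4001;

class WalletFlowError extends Error {}

// Hand the *unsigned* transaction to the wallet and let it sign and broadcast.
// The dApp never receives signed bytes, so it cannot alter or re-send them,
// and it never calls sendRawTransaction itself.
async function sendWithPhantom(provider, connection, transaction) {
  if (typeof provider?.signAndSendTransaction !== 'function') {
    // Do not fall back to signTransaction + sendRawTransaction: that is the
    // exact pattern the warning is about. Surface the problem instead.
    throw new WalletFlowError('provider does not expose signAndSendTransaction');
  }

  let signature;
  try {
    ({ signature } = await provider.signAndSendTransaction(transaction));
  } catch (err) {
    if (err && err.code === USER_REJECTED_REQUEST) {
      return { status: 'rejected', signature: null };
    }
    throw err;
  }

  // Wait for cluster confirmation instead of a single getSignatureStatus poll.
  // web3.js v1 still accepts the (signature, commitment) form.
  const { value } = await connection.confirmTransaction(signature, 'confirmed');
  if (value && value.err) {
    return { status: 'failed', signature, err: value.err };
  }
  return { status: 'confirmed', signature };
}

// --- Constructed fakes so the helper can be exercised outside a browser ---
function makeFakeProvider({ reject = false } = {}) {
  return {
    isPhantom: true,
    async signAndSendTransaction(tx) {
      if (reject) {
        const e = new Error('User rejected the request.');
        e.code = USER_REJECTED_REQUEST;
        throw e;
      }
      // A real wallet returns the base58 signature of the broadcast transaction.
      return { signature: `sig-${tx.id}` };
    },
  };
}

function makeFakeConnection({ err = null } = {}) {
  return {
    async confirmTransaction(_signature, _commitment) {
      return { context: { slot: 1 }, value: { err } };
    },
  };
}

const fakeWindow = { phantom: { solana: makeFakeProvider() } };

// Demo run against the fakes. In a browser you would pass `window` and a real
// @solana/web3.js Connection instead.
(async () => {
  const provider = getPhantomProvider(fakeWindow);
  console.log(await sendWithPhantom(provider, makeFakeConnection(), { id: 'demo' }));
  console.log(await sendWithPhantom(makeFakeProvider({ reject: true }), makeFakeConnection(), { id: 'demo' }));
})();
```

The point of the feature check at the top is that a missing signAndSendTransaction should be a loud failure, not a silent downgrade to the raw flow; the one place a dApp is tempted to serialize and send on its own is exactly the place the wallet is watching.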

Some great blockchain developer tools

Top comments (4)

NeoSpecterX

Great post! I’m facing the same Phantom warning and already switched to signAndSendTransaction, but Blowfish still asks for a vouch from an established dev. Would you be open to helping or pointing me to someone who could vouch? I’d really appreciate it! 🙏

Block Experts

Better to check with a dev you know personally — sorry, mate!

Ben Armstrong

Had success getting it removed with dappdetect.com/wallet-warnings/pha...

Solmaster

phantompass.net try this
