How I Resolved the “Malicious App” Warning on Phantom Wallet Extension
Block Experts


Publish Date: May 31

If you're building a dApp or browser extension that interacts with the Phantom Wallet and have seen your app flagged as malicious, you're not alone. I got the same warning on my Solana token manager dApp.

I recently ran into this issue, and after some debugging and a successful resolution, I thought I’d share my experience. If you're seeing similar warnings and want to remove the "malicious app" label, here's how to go about it.


🚨 The Problem: "Malicious App" Warning

Phantom Wallet sometimes flags apps or extensions that interact with wallets in an unsafe or suspicious way. This can happen if:

  • You manually sign and send transactions using raw methods.
  • You bypass Phantom's secure APIs.
  • Your code behaves like a phishing attack (even if unintentionally).

This results in a scary warning for users, which harms trust and adoption.


✅ The Fix: Use signAndSendTransaction

The key is to use Phantom’s secure APIs correctly. Specifically, instead of signing and sending transactions manually like this:

```javascript
// Raw path: the dApp asks the wallet to sign, then serializes and broadcasts
// the signed bytes itself. This is the pattern Phantom may flag as suspicious.
const signedTransaction = await signTransaction(transaction);
const txId = await connection.sendRawTransaction(signedTransaction.serialize());
await connection.confirmTransaction(txId, 'confirmed');
```

Switch to Phantom’s recommended helper method:

```javascript
// Phantom injects its provider at window.phantom.solana; this getProvider
// helper follows the shape used in Phantom's docs (added here so the snippet is complete).
const getProvider = () => (window.phantom?.solana?.isPhantom ? window.phantom.solana : undefined);

const provider = getProvider();
const { signature } = await provider.signAndSendTransaction(transaction);
// getSignatureStatus returns the current status once; use connection.confirmTransaction
// if you need to wait for a commitment level.
await connection.getSignatureStatus(signature);
```

🔒 Why this works
Phantom can detect when your app uses its secure, native API (signAndSendTransaction), which preserves the security and UX expectations users have of the wallet. Raw signing and serialization steps can look like spoofing to the wallet, even if your code is safe.
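To show how this looks as a single send helper, here is an added example (not code from the original post) that routes every transaction through signAndSendTransaction, refuses the raw sign-and-send fallback, and confirms against the transaction's own blockhash. It assumes Phantom's injected provider shape and a @solana/web3.js Connection; the mocks at the bottom are constructed so it runs without a browser or an RPC endpoint.

```javascript
// Added example, not code from the original post: a helper that sends every
// transaction through Phantom's signAndSendTransaction and then waits for
// confirmation using the transaction's own blockhash. `provider` is Phantom's
// injected provider and `connection` a @solana/web3.js Connection; the mocks
// at the bottom are constructed so the file runs without a browser or RPC.

async function sendWithPhantom(provider, connection, transaction) {
  if (!provider?.isPhantom) throw new Error('Phantom provider not found');
  if (!provider.publicKey) throw new Error('wallet not connected; call provider.connect() first');
  if (typeof provider.signAndSendTransaction !== 'function') {
    // Refuse to fall back to signTransaction + sendRawTransaction: that raw
    // path is what the post describes as triggering the "malicious app" flag.
    throw new Error('provider lacks signAndSendTransaction');
  }

  // The wallet signs and broadcasts; the dApp never serializes the signed
  // bytes or alters the transaction after signing.
  const { signature } = await provider.signAndSendTransaction(transaction);

  // Confirm against the blockhash the transaction was built with, so an
  // expired transaction fails instead of hanging forever.
  const { value } = await connection.confirmTransaction(
    { signature, blockhash: transaction.recentBlockhash, lastValidBlockHeight: transaction.lastValidBlockHeight },
    'confirmed',
  );
  if (value.err) throw new Error(`transaction ${signature} failed: ${JSON.stringify(value.err)}`);
  return signature;
}

// Constructed mocks standing in for Phantom and the RPC connection; `calls`
// records which wallet/RPC methods the helper actually used.
function makeMocks({ connected = true, err = null } = {}) {
  const calls = [];
  const provider = {
    isPhantom: true,
    publicKey: connected ? 'CONSTRUCTED_PUBKEY' : null,
    signAndSendTransaction: async () => { calls.push('signAndSend'); return { signature: 'constructed-sig' }; },
    signTransaction: async () => { calls.push('signTransaction'); return { serialize: () => new Uint8Array() }; },
  };
  const connection = {
    sendRawTransaction: async () => { calls.push('sendRaw'); return 'raw-sig'; },
    confirmTransaction: async (s, c) => { calls.push(`confirm:${s.blockhash}:${c}`); return { value: { err } }; },
  };
  return { provider, connection, calls };
}

const sampleTx = { recentBlockhash: 'CONSTRUCTED_BLOCKHASH', lastValidBlockHeight: 12345 };
```

Against real Phantom, replace the mocks with `window.phantom.solana` (after `await provider.connect()`) and a `Connection`, and build `transaction` with its blockhash and last valid block height before calling the helper.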

📧 Still Flagged? Request a Manual Review

If you've already made the switch but the warning persists, you can request a manual review from the Phantom team:

✉️ Email: review@phantom.com
📄 Include details like:

  • Your project name
  • GitHub or website URL
  • Code snippets showing secure API usage

✅ Checklist to Avoid Being Flagged

  • Use signAndSendTransaction instead of raw signing/sending.

  • Avoid modifying the transaction structure after signing.

  • Do not inject hidden fields or overwrite wallet methods.

  • Don’t request excessive permissions.

  • Make your code open-source if possible (helps with review).
